Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-25647 (GCVE-0-2022-25647)
Vulnerability from cvelistv5 – Published: 2022-05-01 15:30 – Updated: 2026-05-27 14:03
VLAI
EPSS
Title
Deserialization of Untrusted Data
Summary
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Deserialization of Untrusted Data
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-… | x_refsource_MISC |
| https://github.com/google/gson/pull/1991 | x_refsource_MISC |
| https://github.com/google/gson/pull/1991/commits | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022090… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2022/dsa-5227 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | com.google.code.gson:gson |
Affected:
unspecified , < 2.8.9
(custom)
|
Date Public
2022-05-01 00:00
Credits
Marcono1234
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:42:50.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/gson/pull/1991"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/gson/pull/1991/commits"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0009/"
},
{
"name": "[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html"
},
{
"name": "DSA-5227",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5227"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T13:25:33.911049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:03:51.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.google.code.gson:gson",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.8.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marcono1234"
}
],
"datePublic": "2022-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T20:06:16.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/gson/pull/1991"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/gson/pull/1991/commits"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0009/"
},
{
"name": "[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html"
},
{
"name": "DSA-5227",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5227"
}
],
"title": "Deserialization of Untrusted Data",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-05-01T15:25:25.581039Z",
"ID": "CVE-2022-25647",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "com.google.code.gson:gson",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.8.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcono1234"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327"
},
{
"name": "https://github.com/google/gson/pull/1991",
"refsource": "MISC",
"url": "https://github.com/google/gson/pull/1991"
},
{
"name": "https://github.com/google/gson/pull/1991/commits",
"refsource": "MISC",
"url": "https://github.com/google/gson/pull/1991/commits"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220901-0009/"
},
{
"name": "[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html"
},
{
"name": "DSA-5227",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-25647",
"datePublished": "2022-05-01T15:30:29.223Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2026-05-27T14:03:51.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-25647",
"date": "2026-06-19",
"epss": "0.11961",
"percentile": "0.95586"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:gson:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.2.3\", \"versionEndExcluding\": \"2.8.9\", \"matchCriteriaId\": \"BDD6E481-96F1-4FE9-9283-775786501464\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\", \"matchCriteriaId\": \"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\", \"matchCriteriaId\": \"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55F091C7-0869-4FD6-AC73-DA697D990304\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D134C60-F9E2-46C2-8466-DB90AD98439E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"7D961E24-EA18-4217-B5F5-F847726D84E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"601D92C4-F71F-47E2-9041-5C286D2137F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"B18FE85D-C53D-44E9-8992-715820D1264B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7BD0D41-1BED-4C4F-95C8-8987C98908DA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.\"}, {\"lang\": \"es\", \"value\": \"El paquete com.google.code.gson:gson versiones anteriores a 2.8.9, son vulnerables a una Deserializaci\\u00f3n de Datos No Confiables por medio del m\\u00e9todo writeReplace() en clases internas, lo cual puede conllevar a ataques DoS\"}]",
"id": "CVE-2022-25647",
"lastModified": "2024-11-21T06:52:30.240",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"report@snyk.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-05-01T16:15:08.603",
"references": "[{\"url\": \"https://github.com/google/gson/pull/1991\", \"source\": \"report@snyk.io\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/google/gson/pull/1991/commits\", \"source\": \"report@snyk.io\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html\", \"source\": \"report@snyk.io\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220901-0009/\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5227\", \"source\": \"report@snyk.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"report@snyk.io\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/google/gson/pull/1991\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/google/gson/pull/1991/commits\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220901-0009/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5227\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-25647\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2022-05-01T16:15:08.603\",\"lastModified\":\"2024-11-21T06:52:30.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.\"},{\"lang\":\"es\",\"value\":\"El paquete com.google.code.gson:gson versiones anteriores a 2.8.9, son vulnerables a una Deserializaci\u00f3n de Datos No Confiables por medio del m\u00e9todo writeReplace() en clases internas, lo cual puede conllevar a ataques DoS\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:gson:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.3\",\"versionEndExcluding\":\"2.8.9\",\"matchCriteriaId\":\"BDD6E481-96F1-4FE9-9283-775786501464\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F091C7-0869-4FD6-AC73-DA697D990304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D134C60-F9E2-46C2-8466-DB90AD98439E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"7D961E24-EA18-4217-B5F5-F847726D84E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"601D92C4-F71F-47E2-9041-5C286D2137F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"B18FE85D-C53D-44E9-8992-715820D1264B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7BD0D41-1BED-4C4F-95C8-8987C98908DA\"}]}]}],\"references\":[{\"url\":\"https://github.com/google/gson/pull/1991\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/gson/pull/1991/commits\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220901-0009/\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5227\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/gson/pull/1991\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/gson/pull/1991/commits\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220901-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/google/gson/pull/1991\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/google/gson/pull/1991/commits\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html\", \"name\": \"[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220901-0009/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html\", \"name\": \"[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5227\", \"name\": \"DSA-5227\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:42:50.328Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-25647\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-22T13:25:33.911049Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-22T13:25:27.538Z\"}}], \"cna\": {\"title\": \"Deserialization of Untrusted Data\", \"credits\": [{\"lang\": \"en\", \"value\": \"Marcono1234\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"com.google.code.gson:gson\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"2.8.9\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2022-05-01T00:00:00.000Z\", \"references\": [{\"url\": \"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/google/gson/pull/1991\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/google/gson/pull/1991/commits\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html\", \"name\": \"[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220901-0009/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html\", \"name\": \"[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5227\", \"name\": \"DSA-5227\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"shortName\": \"snyk\", \"dateUpdated\": \"2022-09-07T20:06:16.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Marcono1234\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"2.8.9\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"com.google.code.gson:gson\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327\", \"name\": \"https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/google/gson/pull/1991\", \"name\": \"https://github.com/google/gson/pull/1991\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/google/gson/pull/1991/commits\", \"name\": \"https://github.com/google/gson/pull/1991/commits\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html\", \"name\": \"[debian-lts-announce] 20220513 [SECURITY] [DLA 3001-1] libgoogle-gson-java security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220901-0009/\", \"name\": \"https://security.netapp.com/advisory/ntap-20220901-0009/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html\", \"name\": \"[debian-lts-announce] 20220907 [SECURITY] [DLA 3100-1] libgoogle-gson-java security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5227\", \"name\": \"DSA-5227\", \"refsource\": \"DEBIAN\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Deserialization of Untrusted Data\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-25647\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Deserialization of Untrusted Data\", \"ASSIGNER\": \"report@snyk.io\", \"DATE_PUBLIC\": \"2022-05-01T15:25:25.581039Z\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-25647\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-27T14:03:51.561Z\", \"dateReserved\": \"2022-02-24T00:00:00.000Z\", \"assignerOrgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"datePublished\": \"2022-05-01T15:30:29.223Z\", \"assignerShortName\": \"snyk\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2023_3299
Vulnerability from csaf_redhat - Published: 2023-05-24 17:13 - Updated: 2024-12-17 22:55Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Severity
Important
Notes
Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* Jenkins: Denial of Service attack (CVE-2023-27900)
* Jenkins: Denial of Service attack (CVE-2023-27901)
* Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
7.4 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src | — |
Threats
Impact
Moderate
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.
6.7 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
9.8 (Critical)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
8.8 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src | — |
Threats
Impact
Important
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.
5.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.
5.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically allocated workspace. Jenkins-controlled processes, like SCMs, may store credentials in these directories. Affected versions of Jenkins show these temporary directories when viewing job workspaces, which allows attackers with Item/Workspace permission to access their contents.
4.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src | — |
Threats
Impact
Low
References
96 references
Acknowledgments
Jordy Versmissen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Denial of Service attack (CVE-2023-27900)\n\n* Jenkins: Denial of Service attack (CVE-2023-27901)\n\n* Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3299",
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1856376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376"
},
{
"category": "external",
"summary": "2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "2087606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087606"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "2177630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177630"
},
{
"category": "external",
"summary": "2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "2177638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177638"
},
{
"category": "external",
"summary": "2177646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177646"
},
{
"category": "external",
"summary": "2185707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707"
},
{
"category": "external",
"summary": "PITEAM-10",
"url": "https://issues.redhat.com/browse/PITEAM-10"
},
{
"category": "external",
"summary": "PITEAM-9",
"url": "https://issues.redhat.com/browse/PITEAM-9"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3299.json"
}
],
"title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update",
"tracking": {
"current_release_date": "2024-12-17T22:55:52+00:00",
"generator": {
"date": "2024-12-17T22:55:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:3299",
"initial_release_date": "2023-05-24T17:13:53+00:00",
"revision_history": [
{
"date": "2023-05-24T17:13:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-24T17:13:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:55:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product_id": "jenkins-0:2.387.3.1684911776-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.387.3.1684911776-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product_id": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.387.3.1684911776-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1684911916-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch"
},
"product_reference": "jenkins-0:2.387.3.1684911776-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.387.3.1684911776-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
},
"product_reference": "jenkins-0:2.387.3.1684911776-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1684911916-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7692",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2020-07-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1856376"
}
],
"notes": [
{
"category": "description",
"text": "PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7692"
},
{
"category": "external",
"summary": "RHBZ#1856376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692"
}
],
"release_date": "2020-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization"
},
{
"acknowledgments": [
{
"names": [
"Jordy Versmissen"
]
}
],
"cve": "CVE-2021-4178",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-12-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034388"
}
],
"notes": [
{
"category": "description",
"text": "A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubernetes-client: Insecure deserialization in unmarshalYaml method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CodeReady Studio 12 is not affected by this flaw because it does not ship a vulnerable version of kubernetes-client; the version that it ships does not use SnakeYAML.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4178"
},
{
"category": "external",
"summary": "RHBZ#2034388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4178"
}
],
"release_date": "2022-01-05T15:05:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kubernetes-client: Insecure deserialization in unmarshalYaml method"
},
{
"cve": "CVE-2021-46877",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46877"
},
{
"category": "external",
"summary": "RHBZ#2185707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877"
}
],
"release_date": "2023-03-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode"
},
{
"cve": "CVE-2022-22978",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-05-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Authorization Bypass in RegexRequestMatcher",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22978"
},
{
"category": "external",
"summary": "RHBZ#2087606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22978"
},
{
"category": "external",
"summary": "https://tanzu.vmware.com/security/cve-2022-22978",
"url": "https://tanzu.vmware.com/security/cve-2022-22978"
}
],
"release_date": "2022-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Authorization Bypass in RegexRequestMatcher"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-40151",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40151"
},
{
"category": "external",
"summary": "RHBZ#2134292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40151"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2023-24422",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-01-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2164278"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24422"
},
{
"category": "external",
"summary": "RHBZ#2164278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24422"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016",
"url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016"
}
],
"release_date": "2023-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
},
{
"cve": "CVE-2023-25761",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170039"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25761"
},
{
"category": "external",
"summary": "RHBZ#2170039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin"
},
{
"cve": "CVE-2023-25762",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170041"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-25762"
},
{
"category": "external",
"summary": "RHBZ#2170041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin"
},
{
"cve": "CVE-2023-27900",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177638"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Denial of Service attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27900"
},
{
"category": "external",
"summary": "RHBZ#2177638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27900"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Denial of Service attack"
},
{
"cve": "CVE-2023-27901",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177646"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Denial of Service attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27901"
},
{
"category": "external",
"summary": "RHBZ#2177646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27901"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Denial of Service attack"
},
{
"cve": "CVE-2023-27902",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically allocated workspace. Jenkins-controlled processes, like SCMs, may store credentials in these directories. Affected versions of Jenkins show these temporary directories when viewing job workspaces, which allows attackers with Item/Workspace permission to access their contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Workspace temporary directories accessible through directory browser",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27902"
},
{
"category": "external",
"summary": "RHBZ#2177630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27902"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27902",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27902"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Jenkins: Workspace temporary directories accessible through directory browser"
},
{
"cve": "CVE-2023-27904",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Information disclosure through error stack traces related to agents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27904"
},
{
"category": "external",
"summary": "RHBZ#2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-24T17:13:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3299"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.387.3.1684911776-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1684911916-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Information disclosure through error stack traces related to agents"
}
]
}
RHSA-2025:4226
Vulnerability from csaf_redhat - Published: 2025-04-28 00:20 - Updated: 2026-06-15 18:47Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
7.5 (High)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
99 references
Acknowledgments
System and Software Security Lab in Fudan University
Keke Lian & Haoran Zhao
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:4226",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"category": "external",
"summary": "1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "2011190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-29286",
"url": "https://issues.redhat.com/browse/JBEAP-29286"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4226.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-06-15T18:47:06+00:00",
"generator": {
"date": "2026-06-15T18:47:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:4226",
"initial_release_date": "2025-04-28T00:20:32+00:00",
"revision_history": [
{
"date": "2025-04-28T00:20:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-28T00:20:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-15T18:47:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.11-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@5.0.3-2.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-2.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_id": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-14.SP13_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_id": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.11-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@5.0.3-2.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.0.10-2.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jsoup@1.14.2-1.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-14.SP13_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.10-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-debuginfo@1.5.5.016-1.redhat_00001.1.ep7.el7?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3690",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2021-08-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991299"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: buffer leak on incoming websocket PONG message may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although Red Hat OpenStack Platform packages the vulnerable code in Opendaylight, it does not use or support the undertow-encapsulating features. The security impact for RHOSP is therefore rated as Low and no update will be provided at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3690"
},
{
"category": "external",
"summary": "RHBZ#1991299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690"
}
],
"release_date": "2021-07-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: buffer leak on incoming websocket PONG message may lead to DoS"
},
{
"cve": "CVE-2021-3859",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2021-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2010378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: client side invocation timeout raised when calling over HTTP2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3859"
},
{
"category": "external",
"summary": "RHBZ#2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: client side invocation timeout raised when calling over HTTP2"
},
{
"cve": "CVE-2021-37714",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995259"
}
],
"notes": [
{
"category": "description",
"text": "jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37714"
},
{
"category": "external",
"summary": "RHBZ#1995259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37714"
},
{
"category": "external",
"summary": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c",
"url": "https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck"
},
{
"cve": "CVE-2021-40690",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2011190"
}
],
"notes": [
{
"category": "description",
"text": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-security: XPath Transform abuse allows for information disclosure",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Since OpenShift Container Platform (OCP) 4.7, the logging-elasticsearch6-container is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-40690"
},
{
"category": "external",
"summary": "RHBZ#2011190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40690"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xml-security: XPath Transform abuse allows for information disclosure"
},
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-2053",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095862"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Large AJP request may cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2053"
},
{
"category": "external",
"summary": "RHBZ#2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053"
}
],
"release_date": "2022-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Large AJP request may cause DoS"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
},
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Keke Lian \u0026 Haoran Zhao"
],
"organization": "System and Software Security Lab in Fudan University"
}
],
"cve": "CVE-2023-3223",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemoryError due to @MultipartConfig handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3223"
},
{
"category": "external",
"summary": "RHBZ#2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223"
}
],
"release_date": "2023-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: OutOfMemoryError due to @MultipartConfig handling"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-28T00:20:32+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-0:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-cli-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-commons-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-core-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-dto-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jdbc-store-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-client-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-jms-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-journal-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-native-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-ra-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-selector-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-server-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-activemq-artemis-service-extensions-0:1.5.5.016-1.redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-debuginfo-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-artemis-native-wildfly-1:1.5.5.016-1.redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.11-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jsoup-0:1.14.2-1.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-14.SP13_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.10-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-woodstox-core-0:5.0.3-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xml-security-0:2.0.10-2.redhat_00002.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
RHSA-2025:4437
Vulnerability from csaf_redhat - Published: 2025-05-05 00:13 - Updated: 2026-06-15 18:47Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.13 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson [eap-7.3.z] (CVE-2022-25647)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks [eap-7.3.z] (CVE-2022-40152)
* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [eap-7.3.z] (CVE-2022-0084)
* artemis-commons: Apache ActiveMQ Artemis DoS [eap-7.3] (CVE-2022-23913)
* Moment.js: Path traversal in moment.locale [eap-7.3.z] (CVE-2022-24785)
* jettison: memory exhaustion via user-supplied XML or JSON data [eap-7.3.z] (CVE-2022-40150)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections [eap-7.3.z] (CVE-2022-25857)
* jettison: parser crash by stackoverflow [eap-7.3.z] (CVE-2022-40149)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
52 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson [eap-7.3.z] (CVE-2022-25647)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks [eap-7.3.z] (CVE-2022-40152)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [eap-7.3.z] (CVE-2022-0084)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS [eap-7.3] (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale [eap-7.3.z] (CVE-2022-24785)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data [eap-7.3.z] (CVE-2022-40150)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections [eap-7.3.z] (CVE-2022-25857)\n\n* jettison: parser crash by stackoverflow [eap-7.3.z] (CVE-2022-40149)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:4437",
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "JBEAP-29297",
"url": "https://issues.redhat.com/browse/JBEAP-29297"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4437.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.13 security update",
"tracking": {
"current_release_date": "2026-06-15T18:47:06+00:00",
"generator": {
"date": "2026-06-15T18:47:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:4437",
"initial_release_date": "2025-05-05T00:13:08+00:00",
"revision_history": [
{
"date": "2025-05-05T00:13:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-05T00:13:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-15T18:47:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.18-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.14-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-10.redhat_00021.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-14.Final_redhat_00015.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.13-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.14-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-gson@2.8.9-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-woodstox-core@6.4.0-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.9.0-10.redhat_00021.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-14.Final_redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.13-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0084",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0084"
},
{
"category": "external",
"summary": "RHBZ#2064226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr"
},
{
"cve": "CVE-2022-23913",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2063601"
}
],
"notes": [
{
"category": "description",
"text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "artemis-commons: Apache ActiveMQ Artemis DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23913"
},
{
"category": "external",
"summary": "RHBZ#2063601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2",
"url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"
}
],
"release_date": "2022-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "artemis-commons: Apache ActiveMQ Artemis DoS"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Quay 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-25647",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "RHBZ#2080850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
}
],
"release_date": "2022-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-05T00:13:08+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-0:2.9.0-10.redhat_00021.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-cli-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-commons-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-core-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-dto-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hornetq-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-hqclient-protocol-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jdbc-store-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-client-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-jms-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-journal-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-ra-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-selector-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-server-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-service-extensions-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-activemq-artemis-tools-0:2.9.0-10.redhat_00021.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-gson-0:2.8.9-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.18-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-14.Final_redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-14.Final_redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.14-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.13-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.13-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-woodstox-core-0:6.4.0-1.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
}
]
}
SUSE-SU-2022:2044-1
Vulnerability from csaf_suse - Published: 2022-06-10 11:37 - Updated: 2022-06-10 11:37Summary
Security update for google-gson
Severity
Important
Notes
Title of the patch: Security update for google-gson
Description of the patch: This update for google-gson fixes the following issues:
- CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064).
Patchnames: SUSE-2022-2044,SUSE-SLE-Module-Development-Tools-15-SP3-2022-2044,SUSE-SLE-Module-Development-Tools-15-SP4-2022-2044,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2044,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2044,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2044,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2044,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2044,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2044,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2044,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2044,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2044,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2044,SUSE-Storage-7-2022-2044,openSUSE-SLE-15.3-2022-2044,openSUSE-SLE-15.4-2022-2044
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:google-gson-javadoc-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:google-gson-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:google-gson-javadoc-2.8.9-150200.3.6.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-gson",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-gson fixes the following issues:\n\n- CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2044,SUSE-SLE-Module-Development-Tools-15-SP3-2022-2044,SUSE-SLE-Module-Development-Tools-15-SP4-2022-2044,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2044,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2044,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2044,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2044,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2044,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2044,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2044,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2044,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2044,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2044,SUSE-Storage-7-2022-2044,openSUSE-SLE-15.3-2022-2044,openSUSE-SLE-15.4-2022-2044",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2044-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2044-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222044-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2044-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011263.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199064",
"url": "https://bugzilla.suse.com/1199064"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25647 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25647/"
}
],
"title": "Security update for google-gson",
"tracking": {
"current_release_date": "2022-06-10T11:37:35Z",
"generator": {
"date": "2022-06-10T11:37:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2044-1",
"initial_release_date": "2022-06-10T11:37:35Z",
"revision_history": [
{
"date": "2022-06-10T11:37:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-gson-2.8.9-150200.3.6.3.noarch",
"product": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch",
"product_id": "google-gson-2.8.9-150200.3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "google-gson-javadoc-2.8.9-150200.3.6.3.noarch",
"product": {
"name": "google-gson-javadoc-2.8.9-150200.3.6.3.noarch",
"product_id": "google-gson-javadoc-2.8.9-150200.3.6.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.2",
"product": {
"name": "SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.3",
"product": {
"name": "SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-javadoc-2.8.9-150200.3.6.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:google-gson-javadoc-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-javadoc-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.6.3.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:google-gson-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-javadoc-2.8.9-150200.3.6.3.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:google-gson-javadoc-2.8.9-150200.3.6.3.noarch"
},
"product_reference": "google-gson-javadoc-2.8.9-150200.3.6.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25647"
}
],
"notes": [
{
"category": "general",
"text": "The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Proxy 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Retail Branch Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server Module 4.2:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server Module 4.3:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.3:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.3:google-gson-javadoc-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.4:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.4:google-gson-javadoc-2.8.9-150200.3.6.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25647",
"url": "https://www.suse.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "SUSE Bug 1199064 for CVE-2022-25647",
"url": "https://bugzilla.suse.com/1199064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Proxy 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Retail Branch Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server Module 4.2:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server Module 4.3:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.3:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.3:google-gson-javadoc-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.4:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.4:google-gson-javadoc-2.8.9-150200.3.6.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Proxy 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Retail Branch Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server 4.1:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server Module 4.2:google-gson-2.8.9-150200.3.6.3.noarch",
"SUSE Manager Server Module 4.3:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.3:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.3:google-gson-javadoc-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.4:google-gson-2.8.9-150200.3.6.3.noarch",
"openSUSE Leap 15.4:google-gson-javadoc-2.8.9-150200.3.6.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-06-10T11:37:35Z",
"details": "important"
}
],
"title": "CVE-2022-25647"
}
]
}
SUSE-SU-2022:3706-1
Vulnerability from csaf_suse - Published: 2022-10-24 13:19 - Updated: 2022-10-24 13:19Summary
Security update for google-gson
Severity
Moderate
Notes
Title of the patch: Security update for google-gson
Description of the patch: This update for google-gson fixes the following issues:
Fixed security issue:
- CVE-2022-25647: Deserialization of Untrusted Data (bsc#1199064)
Other non security fixes:
- Build with Java >= 9 in order to produce a modular jar by
compiling the module-info.java sources with all other classes
built with release 8 and still compatible with Java 8
- Upgrade to version 2.8.9 (jsc#SLE-24261)
* Make OSGi bundle's dependency on sun.misc optional.
* Deprecate Gson.excluder() exposing internal Excluder class.
* Prevent Java deserialization of internal classes.
* Improve number strategy implementation.
* Fix LongSerializationPolicy null handling being inconsistent with Gson.
* Support arbitrary Number implementation for Object and Number deserialization.
* Bump proguard-maven-plugin from 2.4.0 to 2.5.1.
* Don't exclude static local classes.
* Fix RuntimeTypeAdapterFactory depending on internal Streams class.
* Improve Maven build.
* Make dependency on java.sql optional.
* Fixed issue with recursive types.
* Better behavior with Java 9+ and Unsafe if there is a security manager.
* EnumTypeAdapter now works better when ProGuard has obfuscated enum fields.
* make import of sun.misc optional since not all versions of jdk export it
Patchnames: SUSE-2022-3706,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3706
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:google-gson-2.8.9-150200.3.7.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-gson",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-gson fixes the following issues:\n\nFixed security issue:\n\n- CVE-2022-25647: Deserialization of Untrusted Data (bsc#1199064)\n\nOther non security fixes:\n\n- Build with Java \u003e= 9 in order to produce a modular jar by\n compiling the module-info.java sources with all other classes\n built with release 8 and still compatible with Java 8\n- Upgrade to version 2.8.9 (jsc#SLE-24261)\n * Make OSGi bundle\u0027s dependency on sun.misc optional.\n * Deprecate Gson.excluder() exposing internal Excluder class.\n * Prevent Java deserialization of internal classes.\n * Improve number strategy implementation.\n * Fix LongSerializationPolicy null handling being inconsistent with Gson.\n * Support arbitrary Number implementation for Object and Number deserialization.\n * Bump proguard-maven-plugin from 2.4.0 to 2.5.1.\n * Don\u0027t exclude static local classes.\n * Fix RuntimeTypeAdapterFactory depending on internal Streams class.\n * Improve Maven build.\n * Make dependency on java.sql optional.\n * Fixed issue with recursive types.\n * Better behavior with Java 9+ and Unsafe if there is a security manager.\n * EnumTypeAdapter now works better when ProGuard has obfuscated enum fields.\n * make import of sun.misc optional since not all versions of jdk export it\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3706,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3706",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3706-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3706-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223706-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3706-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012637.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199064",
"url": "https://bugzilla.suse.com/1199064"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-25647 page",
"url": "https://www.suse.com/security/cve/CVE-2022-25647/"
}
],
"title": "Security update for google-gson",
"tracking": {
"current_release_date": "2022-10-24T13:19:55Z",
"generator": {
"date": "2022-10-24T13:19:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3706-1",
"initial_release_date": "2022-10-24T13:19:55Z",
"revision_history": [
{
"date": "2022-10-24T13:19:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-gson-2.8.9-150200.3.7.1.noarch",
"product": {
"name": "google-gson-2.8.9-150200.3.7.1.noarch",
"product_id": "google-gson-2.8.9-150200.3.7.1.noarch"
}
},
{
"category": "product_version",
"name": "google-gson-javadoc-2.8.9-150200.3.7.1.noarch",
"product": {
"name": "google-gson-javadoc-2.8.9-150200.3.7.1.noarch",
"product_id": "google-gson-javadoc-2.8.9-150200.3.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.1",
"product": {
"name": "SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.9-150200.3.7.1.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:google-gson-2.8.9-150200.3.7.1.noarch"
},
"product_reference": "google-gson-2.8.9-150200.3.7.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-25647"
}
],
"notes": [
{
"category": "general",
"text": "The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:google-gson-2.8.9-150200.3.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-25647",
"url": "https://www.suse.com/security/cve/CVE-2022-25647"
},
{
"category": "external",
"summary": "SUSE Bug 1199064 for CVE-2022-25647",
"url": "https://bugzilla.suse.com/1199064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:google-gson-2.8.9-150200.3.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:google-gson-2.8.9-150200.3.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-24T13:19:55Z",
"details": "important"
}
],
"title": "CVE-2022-25647"
}
]
}
WID-SEC-W-2022-0759
Vulnerability from csaf_certbund - Published: 2022-07-19 22:00 - Updated: 2025-05-14 22:00Summary
Oracle Java SE: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space
Juniper
|
cpe:/a:juniper:junos_space:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.6
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.6
|
Oracle GraalVM Enterprise Edition: 20.3.6 | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Oracle Java SE 17.0.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.3.1
|
17.0.3.1 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
Oracle Java SE 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.2
|
21.3.2 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.2
|
Oracle GraalVM Enterprise Edition: 21.3.2 | |
|
Oracle Java SE 22.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.1.0
|
22.1.0 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Oracle Java SE 7u343
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u343
|
7u343 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Oracle Java SE 8u333
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u333
|
8u333 | |
|
Oracle Java SE 11.0.15.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.15.1
|
11.0.15.1 | |
|
Oracle Java SE 18.0.1.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:18.0.1.1
|
18.0.1.1 | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
IBM InfoSphere Guardium
IBM
|
cpe:/a:ibm:infosphere_guardium:-
|
— | |
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 |
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space
Juniper
|
cpe:/a:juniper:junos_space:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.6
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.6
|
Oracle GraalVM Enterprise Edition: 20.3.6 | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Oracle Java SE 17.0.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.3.1
|
17.0.3.1 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
Oracle Java SE 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.2
|
21.3.2 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.2
|
Oracle GraalVM Enterprise Edition: 21.3.2 | |
|
Oracle Java SE 22.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.1.0
|
22.1.0 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Oracle Java SE 7u343
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u343
|
7u343 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Oracle Java SE 8u333
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u333
|
8u333 | |
|
Oracle Java SE 11.0.15.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.15.1
|
11.0.15.1 | |
|
Oracle Java SE 18.0.1.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:18.0.1.1
|
18.0.1.1 | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
IBM InfoSphere Guardium
IBM
|
cpe:/a:ibm:infosphere_guardium:-
|
— | |
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 |
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space
Juniper
|
cpe:/a:juniper:junos_space:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.6
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.6
|
Oracle GraalVM Enterprise Edition: 20.3.6 | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Oracle Java SE 17.0.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.3.1
|
17.0.3.1 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
Oracle Java SE 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.2
|
21.3.2 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.2
|
Oracle GraalVM Enterprise Edition: 21.3.2 | |
|
Oracle Java SE 22.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.1.0
|
22.1.0 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Oracle Java SE 7u343
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u343
|
7u343 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Oracle Java SE 8u333
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u333
|
8u333 | |
|
Oracle Java SE 11.0.15.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.15.1
|
11.0.15.1 | |
|
Oracle Java SE 18.0.1.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:18.0.1.1
|
18.0.1.1 | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
IBM InfoSphere Guardium
IBM
|
cpe:/a:ibm:infosphere_guardium:-
|
— | |
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 |
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space
Juniper
|
cpe:/a:juniper:junos_space:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.6
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.6
|
Oracle GraalVM Enterprise Edition: 20.3.6 | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Oracle Java SE 17.0.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.3.1
|
17.0.3.1 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
Oracle Java SE 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.2
|
21.3.2 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.2
|
Oracle GraalVM Enterprise Edition: 21.3.2 | |
|
Oracle Java SE 22.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.1.0
|
22.1.0 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Oracle Java SE 7u343
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u343
|
7u343 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Oracle Java SE 8u333
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u333
|
8u333 | |
|
Oracle Java SE 11.0.15.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.15.1
|
11.0.15.1 | |
|
Oracle Java SE 18.0.1.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:18.0.1.1
|
18.0.1.1 | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
IBM InfoSphere Guardium
IBM
|
cpe:/a:ibm:infosphere_guardium:-
|
— | |
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 |
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space
Juniper
|
cpe:/a:juniper:junos_space:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Hitachi Command Suite
Hitachi
|
cpe:/a:hitachi:command_suite:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
Hitachi Configuration Manager
Hitachi
|
cpe:/a:hitachi:configuration_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.6
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.6
|
Oracle GraalVM Enterprise Edition: 20.3.6 | |
|
Broadcom Brocade SANnav <2.3.1a
Broadcom / Brocade SANnav
|
<2.3.1a | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Oracle Java SE 17.0.3.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:17.0.3.1
|
17.0.3.1 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
Oracle Java SE 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:21.3.2
|
21.3.2 | |
|
Oracle Java SE Oracle GraalVM Enterprise Edition: 21.3.2
Oracle / Java SE
|
cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.2
|
Oracle GraalVM Enterprise Edition: 21.3.2 | |
|
Oracle Java SE 22.1.0
Oracle / Java SE
|
cpe:/a:oracle:java_se:22.1.0
|
22.1.0 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Oracle Java SE 7u343
Oracle / Java SE
|
cpe:/a:oracle:java_se:7u343
|
7u343 | |
|
Broadcom Brocade SANnav <2.3.0a
Broadcom / Brocade SANnav
|
<2.3.0a | ||
|
Oracle Java SE 8u333
Oracle / Java SE
|
cpe:/a:oracle:java_se:8u333
|
8u333 | |
|
Oracle Java SE 11.0.15.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:11.0.15.1
|
11.0.15.1 | |
|
Oracle Java SE 18.0.1.1
Oracle / Java SE
|
cpe:/a:oracle:java_se:18.0.1.1
|
18.0.1.1 | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Corretto <8.442.06.1
Amazon / Corretto
|
<8.442.06.1 | ||
|
IBM InfoSphere Guardium
IBM
|
cpe:/a:ibm:infosphere_guardium:-
|
— | |
|
Amazon Corretto <11.0.26.4.1
Amazon / Corretto
|
<11.0.26.4.1 |
References
45 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0759 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0759.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0759 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0759"
},
{
"category": "external",
"summary": "Menu - Appendix Oracle Java SE vom 2022-07-19",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1824 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1824.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1823 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1823.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-5683 vom 2022-07-22",
"url": "http://linux.oracle.com/errata/ELSA-2022-5683.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-111 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-111.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-112 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-112.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-113 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-113.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-5687 vom 2022-07-22",
"url": "http://linux.oracle.com/errata/ELSA-2022-5687.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1822 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1822.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2CORRETTO8-2022-003 vom 2022-07-21",
"url": "https://alas.aws.amazon.com/AL2/ALASCORRETTO8-2022-003.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-5696 vom 2022-07-26",
"url": "https://linux.oracle.com/errata/ELSA-2022-5696.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-5698 vom 2022-07-25",
"url": "https://linux.oracle.com/errata/ELSA-2022-5698.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2660-1 vom 2022-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011767.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-120 vom 2022-08-05",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-120.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-119 vom 2022-08-05",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-119.html"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-127 vom 2022-08-09",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-127/index.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2898-1 vom 2022-08-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011996.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2899-1 vom 2022-08-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011995.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2949-1 vom 2022-08-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/012014.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3092-1 vom 2022-09-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012103.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5227 vom 2022-09-07",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00196.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1633 vom 2022-09-12",
"url": "https://alas.aws.amazon.com/ALAS-2022-1633.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1835 vom 2022-09-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1835.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4166-1 vom 2022-11-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013066.html"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA70185 vom 2023-01-12",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856221 vom 2023-01-18",
"url": "https://www.ibm.com/support/pages/node/6856221"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7014699 vom 2023-07-26",
"url": "https://www.ibm.com/support/pages/node/7014699"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7140420 vom 2024-03-13",
"url": "https://www.ibm.com/support/pages/node/7140420"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202405-16 vom 2024-05-05",
"url": "https://security.gentoo.org/glsa/202405-16"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3780 vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3780"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7157366 vom 2024-06-19",
"url": "https://www.ibm.com/support/pages/node/7157366"
},
{
"category": "external",
"summary": "### vom 2024-10-15",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24999"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8076 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8076"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8075 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8075"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8080 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8080"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8077 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8077"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8823 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8823"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8824 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8826 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8826"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 11 vom 2025-01-21",
"url": "https://github.com/corretto/corretto-11/blob/ece67a968d57210c69d3b9153576613846c1cacf/CHANGELOG.md"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 8 vom 2025-01-21",
"url": "https://github.com/corretto/corretto-8/blob/14eb6b297ac476ca5734706b40903e5a69ecd74a/CHANGELOG.md"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0066-1 vom 2025-02-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GS63GCBRVH7N4JEIZNQAPVFNNVB2OGSU/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7233394 vom 2025-05-14",
"url": "https://www.ibm.com/support/pages/node/7233394"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-14T22:00:00.000+00:00",
"generator": {
"date": "2025-05-15T09:09:20.662+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0759",
"initial_release_date": "2022-07-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-07-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-07-20T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-07-21T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux und Amazon aufgenommen"
},
{
"date": "2022-07-25T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-08-03T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-04T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-08-08T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-08-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-31T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-09-06T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-09-07T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-09-12T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-09-14T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-11-22T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-01-11T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2023-01-18T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-07-26T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-19T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-04T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-05-14T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "26"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.26.4.1",
"product": {
"name": "Amazon Corretto \u003c11.0.26.4.1",
"product_id": "T040500"
}
},
{
"category": "product_version",
"name": "11.0.26.4.1",
"product": {
"name": "Amazon Corretto 11.0.26.4.1",
"product_id": "T040500-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:11.0.26.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.442.06.1",
"product": {
"name": "Amazon Corretto \u003c8.442.06.1",
"product_id": "T040501"
}
},
{
"category": "product_version",
"name": "8.442.06.1",
"product": {
"name": "Amazon Corretto 8.442.06.1",
"product_id": "T040501-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:8.442.06.1"
}
}
}
],
"category": "product_name",
"name": "Corretto"
},
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.3.0a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.0a",
"product_id": "T034391"
}
},
{
"category": "product_version",
"name": "2.3.0a",
"product": {
"name": "Broadcom Brocade SANnav 2.3.0a",
"product_id": "T034391-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.0a"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.3.1a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.1a",
"product_id": "T038317"
}
},
{
"category": "product_version",
"name": "2.3.1a",
"product": {
"name": "Broadcom Brocade SANnav 2.3.1a",
"product_id": "T038317-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1a"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Command Suite",
"product": {
"name": "Hitachi Command Suite",
"product_id": "T010951",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:command_suite:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T020304",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"category": "product_name",
"name": "IBM InfoSphere Guardium",
"product": {
"name": "IBM InfoSphere Guardium",
"product_id": "T002366",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_guardium:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP12",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP12",
"product_id": "T043784"
}
},
{
"category": "product_version",
"name": "7.5.0 UP12",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP12",
"product_id": "T043784-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up12"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T020642",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"category": "product_name",
"name": "IBM Storwize",
"product": {
"name": "IBM Storwize",
"product_id": "T021621",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper Junos Space",
"product": {
"name": "Juniper Junos Space",
"product_id": "T003343",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:-"
}
}
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.0.15.1",
"product": {
"name": "Oracle Java SE 11.0.15.1",
"product_id": "T023943",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:11.0.15.1"
}
}
},
{
"category": "product_version",
"name": "17.0.3.1",
"product": {
"name": "Oracle Java SE 17.0.3.1",
"product_id": "T023944",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:17.0.3.1"
}
}
},
{
"category": "product_version",
"name": "21.3.2",
"product": {
"name": "Oracle Java SE 21.3.2",
"product_id": "T023945",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:21.3.2"
}
}
},
{
"category": "product_version",
"name": "22.1.0",
"product": {
"name": "Oracle Java SE 22.1.0",
"product_id": "T023946",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:22.1.0"
}
}
},
{
"category": "product_version",
"name": "7u343",
"product": {
"name": "Oracle Java SE 7u343",
"product_id": "T023985",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:7u343"
}
}
},
{
"category": "product_version",
"name": "8u333",
"product": {
"name": "Oracle Java SE 8u333",
"product_id": "T023986",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u333"
}
}
},
{
"category": "product_version",
"name": "18.0.1.1",
"product": {
"name": "Oracle Java SE 18.0.1.1",
"product_id": "T023987",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:18.0.1.1"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition: 21.3.2",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition: 21.3.2",
"product_id": "T023989",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.2"
}
}
},
{
"category": "product_version",
"name": "Oracle GraalVM Enterprise Edition: 20.3.6",
"product": {
"name": "Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.6",
"product_id": "T023990",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.6"
}
}
}
],
"category": "product_name",
"name": "Java SE"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21540",
"product_status": {
"known_affected": [
"T003343",
"67646",
"T010951",
"T004914",
"T043784",
"T020642",
"T020304",
"398363",
"T025159",
"T023990",
"T038317",
"T012167",
"T017562",
"T022954",
"T023944",
"T021621",
"T023945",
"T023989",
"T023946",
"2951",
"T002207",
"T023985",
"T034391",
"T023986",
"T023943",
"T023987",
"T027843",
"T040501",
"T002366",
"T040500"
]
},
"release_date": "2022-07-19T22:00:00.000+00:00",
"title": "CVE-2022-21540"
},
{
"cve": "CVE-2022-21541",
"product_status": {
"known_affected": [
"T003343",
"67646",
"T010951",
"T004914",
"T043784",
"T020642",
"T020304",
"398363",
"T025159",
"T023990",
"T038317",
"T012167",
"T017562",
"T022954",
"T023944",
"T021621",
"T023945",
"T023989",
"T023946",
"2951",
"T002207",
"T023985",
"T034391",
"T023986",
"T023943",
"T023987",
"T027843",
"T040501",
"T002366",
"T040500"
]
},
"release_date": "2022-07-19T22:00:00.000+00:00",
"title": "CVE-2022-21541"
},
{
"cve": "CVE-2022-21549",
"product_status": {
"known_affected": [
"T003343",
"67646",
"T010951",
"T004914",
"T043784",
"T020642",
"T020304",
"398363",
"T025159",
"T023990",
"T038317",
"T012167",
"T017562",
"T022954",
"T023944",
"T021621",
"T023945",
"T023989",
"T023946",
"2951",
"T002207",
"T023985",
"T034391",
"T023986",
"T023943",
"T023987",
"T027843",
"T040501",
"T002366",
"T040500"
]
},
"release_date": "2022-07-19T22:00:00.000+00:00",
"title": "CVE-2022-21549"
},
{
"cve": "CVE-2022-25647",
"product_status": {
"known_affected": [
"T003343",
"67646",
"T010951",
"T004914",
"T043784",
"T020642",
"T020304",
"398363",
"T025159",
"T023990",
"T038317",
"T012167",
"T017562",
"T022954",
"T023944",
"T021621",
"T023945",
"T023989",
"T023946",
"2951",
"T002207",
"T023985",
"T034391",
"T023986",
"T023943",
"T023987",
"T027843",
"T040501",
"T002366",
"T040500"
]
},
"release_date": "2022-07-19T22:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2022-34169",
"product_status": {
"known_affected": [
"T003343",
"67646",
"T010951",
"T004914",
"T043784",
"T020642",
"T020304",
"398363",
"T025159",
"T023990",
"T038317",
"T012167",
"T017562",
"T022954",
"T023944",
"T021621",
"T023945",
"T023989",
"T023946",
"2951",
"T002207",
"T023985",
"T034391",
"T023986",
"T023943",
"T023987",
"T027843",
"T040501",
"T002366",
"T040500"
]
},
"release_date": "2022-07-19T22:00:00.000+00:00",
"title": "CVE-2022-34169"
}
]
}
WID-SEC-W-2022-0901
Vulnerability from csaf_certbund - Published: 2022-08-03 22:00 - Updated: 2025-05-04 22:00Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um die Vertraulichkeit, die Verfügbarkeit und die Integrität zu gefährden, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform <7.4.6
Red Hat / JBoss Enterprise Application Platform
|
<7.4.6 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform <7.4.6
Red Hat / JBoss Enterprise Application Platform
|
<7.4.6 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform <7.4.6
Red Hat / JBoss Enterprise Application Platform
|
<7.4.6 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
References
15 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um die Vertraulichkeit, die Verf\u00fcgbarkeit und die Integrit\u00e4t zu gef\u00e4hrden, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0901 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0901.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0901 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0901"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5892 vom 2022-08-03",
"url": "https://access.redhat.com/errata/RHSA-2022:5892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5893 vom 2022-08-03",
"url": "https://access.redhat.com/errata/RHSA-2022:5893"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5894 vom 2022-08-03",
"url": "https://access.redhat.com/errata/RHSA-2022:5894"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5928 vom 2022-08-09",
"url": "https://access.redhat.com/errata/RHSA-2022:5928"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities",
"url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6819 vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6819"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6916 vom 2022-10-12",
"url": "https://access.redhat.com/errata/RHSA-2022:6916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8524 vom 2022-11-17",
"url": "https://access.redhat.com/errata/RHSA-2022:8524"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28",
"url": "https://access.redhat.com/errata/RHSA-2022:8652"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0612 vom 2023-02-06",
"url": "https://access.redhat.com/errata/RHSA-2023:0612"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1747 vom 2025-02-24",
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4226 vom 2025-04-28",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4437 vom 2025-05-05",
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-04T22:00:00.000+00:00",
"generator": {
"date": "2025-05-05T08:09:19.940+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0901",
"initial_release_date": "2022-08-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-08-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-08-08T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-05T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-06T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.46.3",
"product": {
"name": "JFrog Artifactory \u003c7.46.3",
"product_id": "T024764"
}
},
{
"category": "product_version",
"name": "7.46.3",
"product": {
"name": "JFrog Artifactory 7.46.3",
"product_id": "T024764-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:jfrog:artifactory:7.46.3"
}
}
}
],
"category": "product_name",
"name": "Artifactory"
}
],
"category": "vendor",
"name": "JFrog"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.6",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.6",
"product_id": "130262"
}
},
{
"category": "product_version",
"name": "7.4.6",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.6",
"product_id": "130262-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.12",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.12",
"product_id": "T041369"
}
},
{
"category": "product_version",
"name": "7.3.12",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.12",
"product_id": "T041369-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.13",
"product_id": "T043288"
}
},
{
"category": "product_version",
"name": "7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.13",
"product_id": "T043288-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.13"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44906",
"product_status": {
"known_affected": [
"130262",
"67646",
"T024764",
"T041369",
"T043288"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2021-44906"
},
{
"cve": "CVE-2022-25647",
"product_status": {
"known_affected": [
"130262",
"67646",
"T024764",
"T041369",
"T043288"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2022-24823",
"product_status": {
"known_affected": [
"130262",
"67646",
"T024764",
"T041369",
"T043288"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2022-24823"
}
]
}
WID-SEC-W-2022-0909
Vulnerability from csaf_certbund - Published: 2022-08-03 22:00 - Updated: 2025-03-30 22:00Summary
IBM DB2: Mehrere Schwachstellen ermöglichen Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Dateien zu manipulieren.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <v11.5.7.0-cn6
IBM / DB2
|
<v11.5.7.0-cn6 | ||
|
IBM DB2 <Cloud Pak for Data v4.5 Refresh 1
IBM / DB2
|
<Cloud Pak for Data v4.5 Refresh 1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <v11.5.7.0-cn6
IBM / DB2
|
<v11.5.7.0-cn6 | ||
|
IBM DB2 <Cloud Pak for Data v4.5 Refresh 1
IBM / DB2
|
<Cloud Pak for Data v4.5 Refresh 1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <v11.5.7.0-cn6
IBM / DB2
|
<v11.5.7.0-cn6 | ||
|
IBM DB2 <Cloud Pak for Data v4.5 Refresh 1
IBM / DB2
|
<Cloud Pak for Data v4.5 Refresh 1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <v11.5.7.0-cn6
IBM / DB2
|
<v11.5.7.0-cn6 | ||
|
IBM DB2 <Cloud Pak for Data v4.5 Refresh 1
IBM / DB2
|
<Cloud Pak for Data v4.5 Refresh 1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <v11.5.7.0-cn6
IBM / DB2
|
<v11.5.7.0-cn6 | ||
|
IBM DB2 <Cloud Pak for Data v4.5 Refresh 1
IBM / DB2
|
<Cloud Pak for Data v4.5 Refresh 1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <v11.5.7.0-cn6
IBM / DB2
|
<v11.5.7.0-cn6 | ||
|
IBM DB2 <Cloud Pak for Data v4.5 Refresh 1
IBM / DB2
|
<Cloud Pak for Data v4.5 Refresh 1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <v11.5.7.0-cn6
IBM / DB2
|
<v11.5.7.0-cn6 | ||
|
IBM DB2 <Cloud Pak for Data v4.5 Refresh 1
IBM / DB2
|
<Cloud Pak for Data v4.5 Refresh 1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <v11.5.7.0-cn6
IBM / DB2
|
<v11.5.7.0-cn6 | ||
|
IBM DB2 <Cloud Pak for Data v4.5 Refresh 1
IBM / DB2
|
<Cloud Pak for Data v4.5 Refresh 1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 on Cloud Pak for Data
IBM / DB2
|
cpe:/a:ibm:db2:on_cloud_pak_for_data
|
on Cloud Pak for Data |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0909 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0909.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0909 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0909"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6610082 vom 2022-08-03",
"url": "https://www.ibm.com/support/pages/node/6610082"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6389 vom 2022-09-08",
"url": "https://access.redhat.com/errata/RHSA-2022:6389"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229443 vom 2025-03-28",
"url": "https://www.ibm.com/support/pages/node/7229443"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2025-03-30T22:00:00.000+00:00",
"generator": {
"date": "2025-03-31T08:36:01.541+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-0909",
"initial_release_date": "2022-08-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-08-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-09-08T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv11.5.7.0-cn6",
"product": {
"name": "IBM DB2 \u003cv11.5.7.0-cn6",
"product_id": "T024171"
}
},
{
"category": "product_version",
"name": "v11.5.7.0-cn6",
"product": {
"name": "IBM DB2 v11.5.7.0-cn6",
"product_id": "T024171-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v11.5.7.0-cn6"
}
}
},
{
"category": "product_version_range",
"name": "\u003cCloud Pak for Data v4.5 Refresh 1",
"product": {
"name": "IBM DB2 \u003cCloud Pak for Data v4.5 Refresh 1",
"product_id": "T024172"
}
},
{
"category": "product_version",
"name": "Cloud Pak for Data v4.5 Refresh 1",
"product": {
"name": "IBM DB2 Cloud Pak for Data v4.5 Refresh 1",
"product_id": "T024172-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:cloud_pak_for_data_v4.5_refresh_1"
}
}
},
{
"category": "product_version",
"name": "on Cloud Pak for Data",
"product": {
"name": "IBM DB2 on Cloud Pak for Data",
"product_id": "T042208",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:on_cloud_pak_for_data"
}
}
}
],
"category": "product_name",
"name": "DB2"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7774",
"product_status": {
"known_affected": [
"T024171",
"T024172",
"67646",
"T042208"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2020-7774"
},
{
"cve": "CVE-2021-43138",
"product_status": {
"known_affected": [
"T024171",
"T024172",
"67646",
"T042208"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2021-43138"
},
{
"cve": "CVE-2021-44906",
"product_status": {
"known_affected": [
"T024171",
"T024172",
"67646",
"T042208"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2021-44906"
},
{
"cve": "CVE-2022-0536",
"product_status": {
"known_affected": [
"T024171",
"T024172",
"67646",
"T042208"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2022-0536"
},
{
"cve": "CVE-2022-25647",
"product_status": {
"known_affected": [
"T024171",
"T024172",
"67646",
"T042208"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2022-28948",
"product_status": {
"known_affected": [
"T024171",
"T024172",
"67646",
"T042208"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2022-28948"
},
{
"cve": "CVE-2022-29078",
"product_status": {
"known_affected": [
"T024171",
"T024172",
"67646",
"T042208"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2022-29078"
},
{
"cve": "CVE-2022-33987",
"product_status": {
"known_affected": [
"T024171",
"T024172",
"67646",
"T042208"
]
},
"release_date": "2022-08-03T22:00:00.000+00:00",
"title": "CVE-2022-33987"
}
]
}
WID-SEC-W-2023-0132
Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2023-05-01 22:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Fusion Middleware 8.5.6
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:8.5.6
|
— | |
|
Oracle Fusion Middleware 12.2.1.3.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.3.0
|
— | |
|
Oracle Fusion Middleware 6.4.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:6.4.0.0.0
|
— | |
|
Oracle Fusion Middleware 12.2.1.4.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:12.2.1.4.0
|
— | |
|
Oracle Fusion Middleware 5.9.0.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:5.9.0.0.0
|
— | |
|
Oracle Fusion Middleware 14.1.1.0.0
Oracle / Fusion Middleware
|
cpe:/a:oracle:fusion_middleware:14.1.1.0.0
|
— |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0132 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0132.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0132 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0132"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2023-05-01",
"url": "https://www.cisa.gov/news-events/alerts/2023/05/01/cisa-adds-three-known-exploited-vulnerabilities-catalog"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Fusion Middleware vom 2023-01-17",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixFMW"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-05-01T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:47.510+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0132",
"initial_release_date": "2023-01-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-01T22:00:00.000+00:00",
"number": "2",
"summary": "Exploit-Hinweis f\u00fcr CVE-2023-21839 aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Fusion Middleware 12.2.1.3.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.3.0",
"product_id": "618028",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product": {
"name": "Oracle Fusion Middleware 12.2.1.4.0",
"product_id": "751674",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product": {
"name": "Oracle Fusion Middleware 14.1.1.0.0",
"product_id": "829576",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware 5.9.0.0.0",
"product": {
"name": "Oracle Fusion Middleware 5.9.0.0.0",
"product_id": "T021683",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:5.9.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware 8.5.6",
"product": {
"name": "Oracle Fusion Middleware 8.5.6",
"product_id": "T024993",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:8.5.6"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware 6.4.0.0.0",
"product": {
"name": "Oracle Fusion Middleware 6.4.0.0.0",
"product_id": "T024994",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:6.4.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Fusion Middleware \u003c 13.9.4.2.11",
"product": {
"name": "Oracle Fusion Middleware \u003c 13.9.4.2.11",
"product_id": "T025879",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:13.9.4.2.11"
}
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25032",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2018-25032"
},
{
"cve": "CVE-2018-7489",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2018-7489"
},
{
"cve": "CVE-2020-10693",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2020-10693"
},
{
"cve": "CVE-2020-11987",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2020-11987"
},
{
"cve": "CVE-2020-13956",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2021-31812",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-31812"
},
{
"cve": "CVE-2021-36090",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2021-36770",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-36770"
},
{
"cve": "CVE-2021-42717",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-42717"
},
{
"cve": "CVE-2022-1122",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-1122"
},
{
"cve": "CVE-2022-2274",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-2274"
},
{
"cve": "CVE-2022-23305",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-23305"
},
{
"cve": "CVE-2022-23457",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-23457"
},
{
"cve": "CVE-2022-24329",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-24329"
},
{
"cve": "CVE-2022-25236",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2022-27404",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-27404"
},
{
"cve": "CVE-2022-27782",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-29824",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-29824"
},
{
"cve": "CVE-2022-3171",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-31813",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-31813"
},
{
"cve": "CVE-2022-37434",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-40146",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-40146"
},
{
"cve": "CVE-2022-40150",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2022-40153",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-40153"
},
{
"cve": "CVE-2022-40664",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-40664"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42889",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42889"
},
{
"cve": "CVE-2022-42920",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42920"
},
{
"cve": "CVE-2022-43680",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-45047",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2023-21832",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21832"
},
{
"cve": "CVE-2023-21837",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21837"
},
{
"cve": "CVE-2023-21838",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21838"
},
{
"cve": "CVE-2023-21839",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21839"
},
{
"cve": "CVE-2023-21841",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21841"
},
{
"cve": "CVE-2023-21842",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21842"
},
{
"cve": "CVE-2023-21846",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21846"
},
{
"cve": "CVE-2023-21859",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21859"
},
{
"cve": "CVE-2023-21861",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21861"
},
{
"cve": "CVE-2023-21862",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21862"
},
{
"cve": "CVE-2023-21891",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21891"
},
{
"cve": "CVE-2023-21892",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21892"
},
{
"cve": "CVE-2023-21894",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T024993",
"618028",
"T024994",
"751674",
"T021683",
"829576"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21894"
}
]
}
WID-SEC-W-2023-0134
Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2023-01-17 23:00Summary
Oracle Enterprise Manager: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle für Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Enterprise Manager 12.4.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:12.4.0.0
|
— | |
|
Oracle Enterprise Manager 13.4.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.4.0.0
|
— | |
|
Oracle Enterprise Manager 13.5.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.5.0.0
|
— |
In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Enterprise Manager 12.4.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:12.4.0.0
|
— | |
|
Oracle Enterprise Manager 13.4.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.4.0.0
|
— | |
|
Oracle Enterprise Manager 13.5.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.5.0.0
|
— |
In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Enterprise Manager 12.4.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:12.4.0.0
|
— | |
|
Oracle Enterprise Manager 13.4.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.4.0.0
|
— | |
|
Oracle Enterprise Manager 13.5.0.0
Oracle / Enterprise Manager
|
cpe:/a:oracle:enterprise_manager:13.5.0.0
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Enterprise Manager (OEM) ist ein Set von System Management Werkzeugen von Oracle f\u00fcr Oracle Umgebungen. Es beinhaltet Werkzeuge zum Monitoring von Oracle Umgebung und zur Automatisierung von Datenbank- und Applikations Administration.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Enterprise Manager ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0134 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0134.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0134 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0134"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Enterprise Manager vom 2023-01-17",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixEM"
}
],
"source_lang": "en-US",
"title": "Oracle Enterprise Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-17T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:48.687+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0134",
"initial_release_date": "2023-01-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Enterprise Manager 12.4.0.0",
"product": {
"name": "Oracle Enterprise Manager 12.4.0.0",
"product_id": "T018973",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:12.4.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Enterprise Manager 13.4.0.0",
"product": {
"name": "Oracle Enterprise Manager 13.4.0.0",
"product_id": "T018975",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:13.4.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Enterprise Manager 13.5.0.0",
"product": {
"name": "Oracle Enterprise Manager 13.5.0.0",
"product_id": "T020692",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:enterprise_manager:13.5.0.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Manager"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42889",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018975",
"T020692"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42889"
},
{
"cve": "CVE-2022-31813",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018975",
"T020692"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-31813"
},
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "In Oracle Enterprise Manager existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T018973",
"T018975",
"T020692"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-25647"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…