Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-4492 (GCVE-0-2022-4492)
Vulnerability from cvelistv5 – Published: 2023-02-23 00:00 – Updated: 2025-03-12 14:34
VLAI
EPSS
Summary
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- ssrf
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230324-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T14:33:53.756138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:34:50.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "undertow",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ssrf",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230324-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4492",
"datePublished": "2023-02-23T00:00:00.000Z",
"dateReserved": "2022-12-14T00:00:00.000Z",
"dateUpdated": "2025-03-12T14:34:50.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-4492",
"date": "2026-06-14",
"epss": "0.00155",
"percentile": "0.36187"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78698F40-0777-4990-822D-02E1B5D0E2C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B87C8AD3-8878-4546-86C2-BF411876648C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF03BDE8-602D-4DEE-BA5B-5B20FDF47741\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72A54BDA-311C-413B-8E4D-388AD65A170A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C2E7E3C-A507-4AB2-97E5-4944D8775CF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F979A5E3-7FFB-45F1-9847-FFBAF0B12067\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:undertow:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0FA5F7F-CCE8-4DF0-8F9D-516F72C30A45\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.\"}]",
"id": "CVE-2022-4492",
"lastModified": "2024-11-21T07:35:22.223",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-02-23T20:15:12.680",
"references": "[{\"url\": \"https://access.redhat.com/security/cve/CVE-2022-4492\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2153260\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230324-0002/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-4492\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2153260\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230324-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-4492\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-02-23T20:15:12.680\",\"lastModified\":\"2025-03-12T15:15:38.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78698F40-0777-4990-822D-02E1B5D0E2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B87C8AD3-8878-4546-86C2-BF411876648C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF03BDE8-602D-4DEE-BA5B-5B20FDF47741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A54BDA-311C-413B-8E4D-388AD65A170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2E7E3C-A507-4AB2-97E5-4944D8775CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F979A5E3-7FFB-45F1-9847-FFBAF0B12067\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:undertow:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0FA5F7F-CCE8-4DF0-8F9D-516F72C30A45\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-4492\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2153260\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230324-0002/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-4492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2153260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230324-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2153260\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-4492\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230324-0002/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:41:45.097Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-4492\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-12T14:33:53.756138Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-12T14:34:43.639Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"undertow\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.7\"}]}], \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2153260\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-4492\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230324-0002/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"ssrf\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2023-03-24T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-4492\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-12T14:34:50.123Z\", \"dateReserved\": \"2022-12-14T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2023-02-23T00:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2023_4983
Vulnerability from csaf_redhat - Published: 2023-09-05 18:37 - Updated: 2024-12-17 22:56Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.4 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
100 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)\n\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4983",
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2134872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872"
},
{
"category": "external",
"summary": "2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "RHPAM-4639",
"url": "https://issues.redhat.com/browse/RHPAM-4639"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4983.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update",
"tracking": {
"current_release_date": "2024-12-17T22:56:41+00:00",
"generator": {
"date": "2024-12-17T22:56:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:4983",
"initial_release_date": "2023-09-05T18:37:03+00:00",
"revision_history": [
{
"date": "2023-09-05T18:37:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-05T18:37:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:56:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.4 async",
"product": {
"name": "RHPAM 7.13.4 async",
"product_id": "RHPAM 7.13.4 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981527"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-30129"
},
{
"category": "external",
"summary": "RHBZ#1981527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129"
}
],
"release_date": "2021-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-3171",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2137645"
}
],
"notes": [
{
"category": "description",
"text": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: timeout in parser leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3171"
},
{
"category": "external",
"summary": "RHBZ#2137645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2",
"url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2"
}
],
"release_date": "2022-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: timeout in parser leads to DoS"
},
{
"cve": "CVE-2022-3509",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2022-12-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184161"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: Textformat parsing issue leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3509"
},
{
"category": "external",
"summary": "RHBZ#2184161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
}
],
"release_date": "2022-12-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: Textformat parsing issue leads to DoS"
},
{
"cve": "CVE-2022-3510",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2022-12-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf-java: Message-Type Extensions parsing issue leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3510"
},
{
"category": "external",
"summary": "RHBZ#2184176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
}
],
"release_date": "2022-12-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "protobuf-java: Message-Type Extensions parsing issue leads to DoS"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-37599",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: regular expression denial of service in interpolateName.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37599"
},
{
"category": "external",
"summary": "RHBZ#2134872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g",
"url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g"
},
{
"category": "external",
"summary": "https://github.com/webpack/loader-utils/issues/211",
"url": "https://github.com/webpack/loader-utils/issues/211"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"RHPAM 7.13.4 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: regular expression denial of service in interpolateName.js"
},
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: improper input validation resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"category": "external",
"summary": "RHBZ#2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: improper input validation resulting in DoS"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-42920",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2142707"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42920"
},
{
"category": "external",
"summary": "RHBZ#2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
"url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"RHPAM 7.13.4 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2023-0482",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166004"
}
],
"notes": [
{
"category": "description",
"text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RESTEasy: creation of insecure temp files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0482"
},
{
"category": "external",
"summary": "RHBZ#2166004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "RESTEasy: creation of insecure temp files"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-20861",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20861"
},
{
"category": "external",
"summary": "RHBZ#2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-20883",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20883"
},
{
"category": "external",
"summary": "RHBZ#2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883"
}
],
"release_date": "2023-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172298"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "FileUpload: FileUpload DoS with excessive parts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.4 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "RHBZ#2172298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5",
"url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5"
}
],
"release_date": "2023-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-05T18:37:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.4 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.4 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "FileUpload: FileUpload DoS with excessive parts"
}
]
}
RHSA-2025:9582
Vulnerability from csaf_redhat - Published: 2025-06-25 00:21 - Updated: 2026-05-14 22:30Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.11 on RHEL 7 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: special character in query results in server errors [eap-7.1.z] (CVE-2020-27782)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans [eap-7.1.z] (CVE-2020-10740)
* libthrift: potential DoS when processing untrusted payloads [eap-7.1.z] (CVE-2020-13949)
* netty-all: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way [eap-7.1.z] (CVE-2021-37137)
* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used [eap-7.1.z] (CVE-2020-25638)
* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL - WFSSL-51 - Memory leak with mutual authentication and OpenSSL (CVE-2020-25644)
* netty-all: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data [eap-7.1.z] (CVE-2021-37136)
* jackson-databind: denial of service via a large depth of nested objects [eap-7.1.z] (CVE-2020-36518)
* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.1.z] (CVE-2024-1233)
* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [eap-7.1.z] (CVE-2024-1249)
* undertow: Server identity in https connection is not checked by the undertow client [eap-7.1.z] (CVE-2022-4492)
* undertow: AJP Request closes connection exceeding maxRequestSize [eap-7.1.z] (CVE-2023-5379)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) [eap-7.1.z] (CVE-2022-1259)
* wildfly-elytron: possible timing attacks via use of unsafe comparator [eap-7.1.z] (CVE-2022-3143)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate [eap-7.1.z] (CVE-2021-28170)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
7.4 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
7.4 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
7.3 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
83 references
Acknowledgments
SySS GmbH
Moritz Bechler
Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: special character in query results in server errors [eap-7.1.z] (CVE-2020-27782)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans [eap-7.1.z] (CVE-2020-10740)\n\n* libthrift: potential DoS when processing untrusted payloads [eap-7.1.z] (CVE-2020-13949)\n\n* netty-all: netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way [eap-7.1.z] (CVE-2021-37137)\n\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used [eap-7.1.z] (CVE-2020-25638)\n\n* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL - WFSSL-51 - Memory leak with mutual authentication and OpenSSL (CVE-2020-25644)\n\n* netty-all: netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data [eap-7.1.z] (CVE-2021-37136)\n\n* jackson-databind: denial of service via a large depth of nested objects [eap-7.1.z] (CVE-2020-36518)\n\n* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.1.z] (CVE-2024-1233)\n\n* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [eap-7.1.z] (CVE-2024-1249)\n\n* undertow: Server identity in https connection is not checked by the undertow client [eap-7.1.z] (CVE-2022-4492)\n\n* undertow: AJP Request closes connection exceeding maxRequestSize [eap-7.1.z] (CVE-2023-5379)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) [eap-7.1.z] (CVE-2022-1259)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator [eap-7.1.z] (CVE-2022-3143)\n\n* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate [eap-7.1.z] (CVE-2021-28170)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9582",
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "1881353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"category": "external",
"summary": "1885485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"
},
{
"category": "external",
"summary": "1901304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304"
},
{
"category": "external",
"summary": "1928172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
},
{
"category": "external",
"summary": "1965497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965497"
},
{
"category": "external",
"summary": "2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "2242099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
},
{
"category": "external",
"summary": "2262849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"category": "external",
"summary": "2262918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
},
{
"category": "external",
"summary": "JBEAP-29413",
"url": "https://issues.redhat.com/browse/JBEAP-29413"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9582.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.11 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-05-14T22:30:23+00:00",
"generator": {
"date": "2026-05-14T22:30:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2025:9582",
"initial_release_date": "2025-06-25T00:21:15+00:00",
"revision_history": [
{
"date": "2025-06-25T00:21:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-25T00:21:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:30:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"product": {
"name": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"product_id": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-2.Final_redhat_00003.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-16.SP14_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"product": {
"name": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"product_id": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-3.SP1_redhat_00003.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"product": {
"name": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"product_id": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.1.17-3.Final_redhat_00004.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.1.14-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.12-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.13-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.12-1.Final_redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"product": {
"name": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"product_id": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-el@3.0.1-4.b08_redhat_00005.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.21-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.11-4.GA_redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux@1.0.12-6.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"product_id": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-2.Final_redhat_00003.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"product_id": "eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-2.Final_redhat_00003.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-16.SP14_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"product_id": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-3.SP1_redhat_00003.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.1.17-3.Final_redhat_00004.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.1.17-3.Final_redhat_00004.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.1.17-3.Final_redhat_00004.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.1.17-3.Final_redhat_00004.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.1.17-3.Final_redhat_00004.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_id": "eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.1.17-3.Final_redhat_00004.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.1.14-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.12-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.12-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-naming-client@1.0.13-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.12-1.Final_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"product": {
"name": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"product_id": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-el@3.0.1-4.b08_redhat_00005.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"product": {
"name": "eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"product_id": "eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-el-impl@3.0.1-4.b08_redhat_00005.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.21-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.21-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.21-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.21-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.11-4.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.11-4.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux@1.0.12-6.Final_redhat_00001.1.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"product": {
"name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"product_id": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-debuginfo@1.0.12-6.Final_redhat_00001.1.ep7.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch"
},
"product_reference": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src"
},
"product_reference": "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch"
},
"product_reference": "eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src"
},
"product_reference": "eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src"
},
"product_reference": "eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src"
},
"product_reference": "eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64 as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
},
"product_reference": "eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Moritz Bechler"
],
"organization": "SySS GmbH"
}
],
"cve": "CVE-2020-10740",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1834512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10740"
},
{
"category": "external",
"summary": "RHBZ#1834512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10740"
}
],
"release_date": "2020-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly: unsafe deserialization in Wildfly Enterprise Java Beans"
},
{
"cve": "CVE-2020-13949",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1928172"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libthrift: potential DoS when processing untrusted payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* A vulnerable version of the libthrift library is delivered in listed OpenShift Container Platform (OCP) and OpenShift Jaeger (Jaeger) components, but the vulnerable code is not invoked, therefore these components are affected but with impact Moderate. \n\n* For Red Hat OpenStack, because the fix would require a substantial amount of development and OpenDaylight is deprecated in all future versions (RHOSP10 was in tech preview), no update will be provided at this time for the RHOSP libthrift package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13949"
},
{
"category": "external",
"summary": "RHBZ#1928172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949"
}
],
"release_date": "2021-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libthrift: potential DoS when processing untrusted payloads"
},
{
"cve": "CVE-2020-25638",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2020-09-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1881353"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25638"
},
{
"category": "external",
"summary": "RHBZ#1881353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638"
}
],
"release_date": "2020-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
},
{
"category": "workaround",
"details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used"
},
{
"cve": "CVE-2020-25644",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2020-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1885485"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25644"
},
{
"category": "external",
"summary": "RHBZ#1885485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25644"
}
],
"release_date": "2020-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this issue.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL"
},
{
"cve": "CVE-2020-27782",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1901304"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: special character in query results in server errors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27782"
},
{
"category": "external",
"summary": "RHBZ#1901304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782"
}
],
"release_date": "2021-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
},
{
"category": "workaround",
"details": "The issue can be mitigated by using HTTP/1.1 instead of AJP to proxy to the back-end.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: special character in query results in server errors"
},
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-28170",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1965497"
}
],
"notes": [
{
"category": "description",
"text": "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28170"
},
{
"category": "external",
"summary": "RHBZ#1965497",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965497"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170"
},
{
"category": "external",
"summary": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/",
"url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate"
},
{
"cve": "CVE-2021-37136",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37136"
},
{
"category": "external",
"summary": "RHBZ#2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
},
{
"cve": "CVE-2021-37137",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37137"
},
{
"category": "external",
"summary": "RHBZ#2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
},
{
"cve": "CVE-2022-1259",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs because of an incomplete fix for CVE-2021-3629.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1259"
},
{
"category": "external",
"summary": "RHBZ#2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259"
}
],
"release_date": "2022-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2023-5379",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: AJP Request closes connection exceeding maxRequestSize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to AJP packet size limitation by ProxyIOBufferSize (default: 8192, max: 65536) directive on httpd side, AJP packets larger than 64KB will not reach JBoss EAP. The default value of max-header-size in JBoss EAP 7 is 1048576 (1MiB), therefore, only JBoss EAP instances with max-header-size set to 64 KB or less may be affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5379"
},
{
"category": "external",
"summary": "RHBZ#2242099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5379",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: AJP Request closes connection exceeding maxRequestSize"
},
{
"acknowledgments": [
{
"names": [
"Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab"
]
}
],
"cve": "CVE-2024-1233",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: wildfly-elytron has a SSRF security issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The SSRF vulnerability in JwtValidator.resolvePublicKey is considered a moderate severity issue due to its potential to allow unauthorized internal network access and exposure of sensitive information, albeit with certain constraints. The vulnerability leverages the absence of URL whitelisting or filtering when resolving the jku header, which can be exploited to make HTTP requests to arbitrary URLs. While the immediate impact might not directly compromise sensitive data or system integrity, it opens a pathway for attackers to discover and interact with internal services, potentially leading to further exploitation. The exploitation complexity and the need for an attacker to craft a malicious JWT token mitigate the severity to a moderate level, as it requires a certain degree of knowledge and capability to execute effectively.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1233"
},
{
"category": "external",
"summary": "RHBZ#2262849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1233"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1233",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1233"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5",
"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5"
},
{
"category": "external",
"summary": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523",
"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/WFLY-19226",
"url": "https://issues.redhat.com/browse/WFLY-19226"
}
],
"release_date": "2024-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:21:15+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-glassfish-el-impl-0:3.0.1-4.b08_redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-core-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-entitymanager-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-envers-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-infinispan-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-hibernate-java8-0:5.1.17-3.Final_redhat_00004.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-2.Final_redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-client-common-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-ejb-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-naming-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-http-transaction-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.11-4.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-java-0:1.0.12-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-openssl-linux-debuginfo-0:1.0.12-6.Final_redhat_00001.1.ep7.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: wildfly-elytron has a SSRF security issue"
}
]
}
RHSA-2025:9583
Vulnerability from csaf_redhat - Published: 2025-06-25 00:16 - Updated: 2026-06-10 08:37Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.14 Security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.13, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.3.z] (CVE-2023-1973)
* undertow: Infinite loop in SslConduit during close [eap-7.3.z] (CVE-2023-1108)
* undertow: OutOfMemoryError due to @MultipartConfig handling [eap-7.3.z] (CVE-2023-3223)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.3.z] (CVE-2024-1635)
* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [eap-7.3.z] (CVE-2024-1249)
* undertow: Server identity in https connection is not checked by the undertow client [eap-7.3.z] (CVE-2022-4492)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) [eap-7.3.z] (CVE-2022-1259)
* undertow: Large AJP request may cause DoS [eap-7.3.z] (CVE-2022-2053)
* undertow: AJP Request closes connection exceeding maxRequestSize [eap-7.3.z] (CVE-2023-5379)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures [eap-7.3.z] (CVE-2022-1319)
* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.3.z] (CVE-2024-1233)
* wildfly-elytron: possible timing attacks via use of unsafe comparator [eap-7.3.z] (CVE-2022-3143)
* netty-all: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way [eap-7.3.z] (CVE-2021-37137)
* netty-all: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data [eap-7.3.z] (CVE-2021-37136)
* jackson-databind: denial of service via a large depth of nested objects [eap-7.3.z] (CVE-2020-36518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
7.4 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
7.3 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
84 references
Acknowledgments
System and Software Security Lab in Fudan University
Keke Lian & Haoran Zhao
Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.13, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.3.z] (CVE-2023-1973)\n\n* undertow: Infinite loop in SslConduit during close [eap-7.3.z] (CVE-2023-1108)\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling [eap-7.3.z] (CVE-2023-3223)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.3.z] (CVE-2024-1635)\n\n* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [eap-7.3.z] (CVE-2024-1249)\n\n* undertow: Server identity in https connection is not checked by the undertow client [eap-7.3.z] (CVE-2022-4492)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) [eap-7.3.z] (CVE-2022-1259)\n\n* undertow: Large AJP request may cause DoS [eap-7.3.z] (CVE-2022-2053)\n\n* undertow: AJP Request closes connection exceeding maxRequestSize [eap-7.3.z] (CVE-2023-5379)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures [eap-7.3.z] (CVE-2022-1319)\n\n* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.3.z] (CVE-2024-1233)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator [eap-7.3.z] (CVE-2022-3143)\n\n* netty-all: netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way [eap-7.3.z] (CVE-2021-37137)\n\n* netty-all: netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data [eap-7.3.z] (CVE-2021-37136)\n\n* jackson-databind: denial of service via a large depth of nested objects [eap-7.3.z] (CVE-2020-36518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9583",
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "2242099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
},
{
"category": "external",
"summary": "2262849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"category": "external",
"summary": "2262918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-29448",
"url": "https://issues.redhat.com/browse/JBEAP-29448"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9583.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.14 Security update",
"tracking": {
"current_release_date": "2026-06-10T08:37:38+00:00",
"generator": {
"date": "2026-06-10T08:37:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:9583",
"initial_release_date": "2025-06-25T00:16:10+00:00",
"revision_history": [
{
"date": "2025-06-25T00:16:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-25T00:16:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T08:37:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-5.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-5.Final_redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-5.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-4.SP5_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.14-3.GA_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-16.Final_redhat_00017.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-5.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-5.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-4.SP5_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-37136",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37136"
},
{
"category": "external",
"summary": "RHBZ#2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
},
{
"cve": "CVE-2021-37137",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37137"
},
{
"category": "external",
"summary": "RHBZ#2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
},
{
"cve": "CVE-2022-1259",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs because of an incomplete fix for CVE-2021-3629.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1259"
},
{
"category": "external",
"summary": "RHBZ#2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259"
}
],
"release_date": "2022-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-2053",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095862"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Large AJP request may cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2053"
},
{
"category": "external",
"summary": "RHBZ#2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053"
}
],
"release_date": "2022-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Large AJP request may cause DoS"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
},
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Keke Lian \u0026 Haoran Zhao"
],
"organization": "System and Software Security Lab in Fudan University"
}
],
"cve": "CVE-2023-3223",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemoryError due to @MultipartConfig handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3223"
},
{
"category": "external",
"summary": "RHBZ#2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223"
}
],
"release_date": "2023-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: OutOfMemoryError due to @MultipartConfig handling"
},
{
"cve": "CVE-2023-5379",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: AJP Request closes connection exceeding maxRequestSize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to AJP packet size limitation by ProxyIOBufferSize (default: 8192, max: 65536) directive on httpd side, AJP packets larger than 64KB will not reach JBoss EAP. The default value of max-header-size in JBoss EAP 7 is 1048576 (1MiB), therefore, only JBoss EAP instances with max-header-size set to 64 KB or less may be affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5379"
},
{
"category": "external",
"summary": "RHBZ#2242099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5379",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: AJP Request closes connection exceeding maxRequestSize"
},
{
"acknowledgments": [
{
"names": [
"Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab"
]
}
],
"cve": "CVE-2024-1233",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: wildfly-elytron has a SSRF security issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The SSRF vulnerability in JwtValidator.resolvePublicKey is considered a moderate severity issue due to its potential to allow unauthorized internal network access and exposure of sensitive information, albeit with certain constraints. The vulnerability leverages the absence of URL whitelisting or filtering when resolving the jku header, which can be exploited to make HTTP requests to arbitrary URLs. While the immediate impact might not directly compromise sensitive data or system integrity, it opens a pathway for attackers to discover and interact with internal services, potentially leading to further exploitation. The exploitation complexity and the need for an attacker to craft a malicious JWT token mitigate the severity to a moderate level, as it requires a certain degree of knowledge and capability to execute effectively.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1233"
},
{
"category": "external",
"summary": "RHBZ#2262849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1233"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1233",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1233"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5",
"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5"
},
{
"category": "external",
"summary": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523",
"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/WFLY-19226",
"url": "https://issues.redhat.com/browse/WFLY-19226"
}
],
"release_date": "2024-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: wildfly-elytron has a SSRF security issue"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
WID-SEC-W-2023-0749
Vulnerability from csaf_certbund - Published: 2023-03-26 22:00 - Updated: 2023-03-26 22:00Summary
NetApp ActiveIQ Unified Manager: Schwachstelle ermöglicht Manipulation von Dateien
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: ActiveIQ Unified Manager ist eine Managementlösung für NetApp Storage Produkte.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in NetApp ActiveIQ Unified Manager ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
Es existiert eine Schwachstelle in NetApp ActiveIQ Unified Manager. Diese ist auf einen Fehler in der Komponente "Undertow" zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NetApp ActiveIQ Unified Manager Linux
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_linux
|
— | |
|
NetApp ActiveIQ Unified Manager Windows
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows
|
— | |
|
NetApp ActiveIQ Unified Manager VMware vSphere
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "ActiveIQ Unified Manager ist eine Managementl\u00f6sung f\u00fcr NetApp Storage Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in NetApp ActiveIQ Unified Manager ausnutzen, um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0749 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0749.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0749 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0749"
},
{
"category": "external",
"summary": "Netapp Security Advisory vom 2023-03-26",
"url": "https://security.netapp.com/advisory/ntap-20230324-0002/"
}
],
"source_lang": "en-US",
"title": "NetApp ActiveIQ Unified Manager: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2023-03-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:47:17.734+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0749",
"initial_release_date": "2023-03-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-03-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager Linux",
"product": {
"name": "NetApp ActiveIQ Unified Manager Linux",
"product_id": "T023548",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_linux"
}
}
},
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager Windows",
"product": {
"name": "NetApp ActiveIQ Unified Manager Windows",
"product_id": "T025631",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows"
}
}
},
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager VMware vSphere",
"product": {
"name": "NetApp ActiveIQ Unified Manager VMware vSphere",
"product_id": "T026333",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere"
}
}
}
],
"category": "product_name",
"name": "ActiveIQ Unified Manager"
}
],
"category": "vendor",
"name": "NetApp"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4492",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in NetApp ActiveIQ Unified Manager. Diese ist auf einen Fehler in der Komponente \"Undertow\" zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T023548",
"T025631",
"T026333"
]
},
"release_date": "2023-03-26T22:00:00.000+00:00",
"title": "CVE-2022-4492"
}
]
}
WID-SEC-W-2023-1142
Vulnerability from csaf_certbund - Published: 2023-05-03 22:00 - Updated: 2025-06-09 22:00Summary
Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität zu gefährden.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Application Runtimes
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:application_runtimes
|
Application Runtimes | |
|
Red Hat Enterprise Linux Apache Camel 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:apache_camel_1
|
Apache Camel 1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux Integration Camel for Spring Boot <3.20.1
Red Hat / Enterprise Linux
|
Integration Camel for Spring Boot <3.20.1 | ||
|
Red Hat OpenShift Container Platform <4.10.62
Red Hat / OpenShift
|
Container Platform <4.10.62 | ||
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Integration
Red Hat / Integration
|
cpe:/a:redhat:integration:-
|
— | |
|
Red Hat Integration Camel Extensions for Quarkus 1
Red Hat / Integration
|
cpe:/a:redhat:integration:camel_extensions_for_quarkus_1
|
Camel Extensions for Quarkus 1 |
References
30 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Integration Camel for Spring Boot ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1142 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1142.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1142 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1142"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-05-03",
"url": "https://access.redhat.com/errata/RHSA-2023:2100"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3179 vom 2023-05-17",
"url": "https://access.redhat.com/errata/RHSA-2023:3179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3193 vom 2023-05-17",
"url": "https://access.redhat.com/errata/RHSA-2023:3193"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3622"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3667 vom 2023-06-19",
"url": "https://access.redhat.com/errata/RHSA-2023:3667"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3626 vom 2023-06-23",
"url": "https://access.redhat.com/errata/RHSA-2023:3626"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3625 vom 2023-06-23",
"url": "https://access.redhat.com/errata/RHSA-2023:3625"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3906 vom 2023-06-28",
"url": "https://access.redhat.com/errata/RHSA-2023:3906"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3954 vom 2023-06-29",
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2165 vom 2023-07-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2165.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4506 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4506"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4507 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4507"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4505 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4505"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4509 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4509"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4612 vom 2023-08-16",
"url": "https://access.redhat.com/errata/RHSA-2023:4612"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4919 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4919"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4921 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4921"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4924 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4924"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4918 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4918"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4920 vom 2023-08-31",
"url": "https://access.redhat.com/errata/RHSA-2023:4920"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7670 vom 2023-12-06",
"url": "https://access.redhat.com/errata/RHSA-2023:7670"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-300 vom 2023-12-22",
"url": "https://www.dell.com/support/kbdoc/000220649/dsa-2023-="
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
"url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-1910 vom 2024-01-23",
"url": "https://alas.aws.amazon.com/ALAS-2024-1910.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3541 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3541"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3543 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8761 vom 2025-06-10",
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
}
],
"source_lang": "en-US",
"title": "Red Hat Integration Camel for Spring Boot: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-09T22:00:00.000+00:00",
"generator": {
"date": "2025-06-10T11:09:16.733+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-1142",
"initial_release_date": "2023-05-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-28T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-08-07T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-16T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-31T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-06T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-21T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-22T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Integration Camel for Spring Boot \u003c3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Integration Camel for Spring Boot \u003c3.20.1",
"product_id": "T027614"
}
},
{
"category": "product_version",
"name": "Integration Camel for Spring Boot 3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Integration Camel for Spring Boot 3.20.1",
"product_id": "T027614-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:integration_camel_for_spring_boot__3.20.1"
}
}
},
{
"category": "product_version",
"name": "Apache Camel 1",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 1",
"product_id": "T044468",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Camel Extensions for Quarkus 1",
"product": {
"name": "Red Hat Integration Camel Extensions for Quarkus 1",
"product_id": "T026453",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Integration",
"product": {
"name": "Red Hat Integration",
"product_id": "T033960",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:-"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.10.62",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.10.62",
"product_id": "T028308"
}
},
{
"category": "product_version",
"name": "Container Platform 4.10.62",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10.62",
"product_id": "T028308-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.10.62"
}
}
},
{
"category": "product_version",
"name": "Application Runtimes",
"product": {
"name": "Red Hat OpenShift Application Runtimes",
"product_id": "T029341",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:application_runtimes"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37533",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2022-25857",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-31777",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-31777"
},
{
"cve": "CVE-2022-33681",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-33681"
},
{
"cve": "CVE-2022-37865",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-37865"
},
{
"cve": "CVE-2022-37866",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-37866"
},
{
"cve": "CVE-2022-38398",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38398"
},
{
"cve": "CVE-2022-38648",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38648"
},
{
"cve": "CVE-2022-38749",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-38750",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38751",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38752",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-39368",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-39368"
},
{
"cve": "CVE-2022-40146",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40146"
},
{
"cve": "CVE-2022-40150",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2022-40151",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40151"
},
{
"cve": "CVE-2022-40152",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-40156",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-40156"
},
{
"cve": "CVE-2022-41704",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41704"
},
{
"cve": "CVE-2022-41852",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41852"
},
{
"cve": "CVE-2022-41853",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41853"
},
{
"cve": "CVE-2022-41854",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41854"
},
{
"cve": "CVE-2022-41881",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-41966",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42890",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-4492",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2022-4492"
},
{
"cve": "CVE-2023-1370",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-1436",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-1436"
},
{
"cve": "CVE-2023-20860",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20860"
},
{
"cve": "CVE-2023-20861",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20861"
},
{
"cve": "CVE-2023-20863",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2023-22602",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-22602"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T029341",
"T044468",
"67646",
"T027614",
"T028308",
"T024663",
"398363",
"T033960",
"T026453"
]
},
"release_date": "2023-05-03T22:00:00.000+00:00",
"title": "CVE-2023-24998"
}
]
}
WID-SEC-W-2023-1193
Vulnerability from csaf_certbund - Published: 2023-05-10 22:00 - Updated: 2024-03-17 23:00Summary
Red Hat Single Sign On: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Single Sign-On ist ein eigenständiger Server, basierend auf dem Keycloak Projekt.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Single Sign On ausnutzen, um einen Denial of Service Angriff durchzuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ Streams < 2.4.0
Red Hat / JBoss A-MQ
|
Streams < 2.4.0 | ||
|
Hitachi Ops Center < Common Services 10.9.3-00
Hitachi / Ops Center
|
< Common Services 10.9.3-00 |
In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ Streams < 2.4.0
Red Hat / JBoss A-MQ
|
Streams < 2.4.0 | ||
|
Hitachi Ops Center < Common Services 10.9.3-00
Hitachi / Ops Center
|
< Common Services 10.9.3-00 |
In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ Streams < 2.4.0
Red Hat / JBoss A-MQ
|
Streams < 2.4.0 | ||
|
Hitachi Ops Center < Common Services 10.9.3-00
Hitachi / Ops Center
|
< Common Services 10.9.3-00 |
In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ Streams < 2.4.0
Red Hat / JBoss A-MQ
|
Streams < 2.4.0 | ||
|
Hitachi Ops Center < Common Services 10.9.3-00
Hitachi / Ops Center
|
< Common Services 10.9.3-00 |
In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ Streams < 2.4.0
Red Hat / JBoss A-MQ
|
Streams < 2.4.0 | ||
|
Hitachi Ops Center < Common Services 10.9.3-00
Hitachi / Ops Center
|
< Common Services 10.9.3-00 |
In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ Streams < 2.4.0
Red Hat / JBoss A-MQ
|
Streams < 2.4.0 | ||
|
Hitachi Ops Center < Common Services 10.9.3-00
Hitachi / Ops Center
|
< Common Services 10.9.3-00 |
In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Quarkus
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:quarkus
|
Quarkus | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat JBoss A-MQ Streams < 2.4.0
Red Hat / JBoss A-MQ
|
Streams < 2.4.0 | ||
|
Hitachi Ops Center < Common Services 10.9.3-00
Hitachi / Ops Center
|
< Common Services 10.9.3-00 |
References
15 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Single Sign-On ist ein eigenst\u00e4ndiger Server, basierend auf dem Keycloak Projekt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Single Sign On ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1193 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1193.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1193 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1193"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2705 vom 2023-05-10",
"url": "https://access.redhat.com/errata/RHSA-2023:2705"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2706 vom 2023-05-10",
"url": "https://access.redhat.com/errata/RHSA-2023:2706"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2707 vom 2023-05-10",
"url": "https://access.redhat.com/errata/RHSA-2023:2707"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2710 vom 2023-05-10",
"url": "https://access.redhat.com/errata/RHSA-2023:2710"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2713 vom 2023-05-10",
"url": "https://access.redhat.com/errata/RHSA-2023:2713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3223 vom 2023-05-18",
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3815 vom 2023-06-27",
"url": "https://access.redhat.com/errata/RHSA-2023:3815"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3813 vom 2023-06-27",
"url": "https://access.redhat.com/errata/RHSA-2023:3813"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3809 vom 2023-06-29",
"url": "https://access.redhat.com/errata/RHSA-2023:3809"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05",
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14",
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-143 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-143/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1353 vom 2024-03-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1353"
}
],
"source_lang": "en-US",
"title": "Red Hat Single Sign On: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-03-17T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:43.713+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1193",
"initial_release_date": "2023-05-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-27T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-05T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-03-17T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c Common Services 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003c Common Services 10.9.3-00",
"product_id": "T030195"
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Quarkus",
"product": {
"name": "Red Hat Enterprise Linux Quarkus",
"product_id": "T028364",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Streams \u003c 2.4.0",
"product": {
"name": "Red Hat JBoss A-MQ Streams \u003c 2.4.0",
"product_id": "T027764"
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 7.6.3",
"product": {
"name": "Red Hat Single Sign On \u003c 7.6.3",
"product_id": "T027699"
}
}
],
"category": "product_name",
"name": "Single Sign On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0482",
"notes": [
{
"category": "description",
"text": "In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028364",
"67646",
"T027764",
"T030195"
]
},
"release_date": "2023-05-10T22:00:00.000+00:00",
"title": "CVE-2023-0482"
},
{
"cve": "CVE-2022-45787",
"notes": [
{
"category": "description",
"text": "In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028364",
"67646",
"T027764",
"T030195"
]
},
"release_date": "2023-05-10T22:00:00.000+00:00",
"title": "CVE-2022-45787"
},
{
"cve": "CVE-2022-4492",
"notes": [
{
"category": "description",
"text": "In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028364",
"67646",
"T027764",
"T030195"
]
},
"release_date": "2023-05-10T22:00:00.000+00:00",
"title": "CVE-2022-4492"
},
{
"cve": "CVE-2022-41881",
"notes": [
{
"category": "description",
"text": "In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028364",
"67646",
"T027764",
"T030195"
]
},
"release_date": "2023-05-10T22:00:00.000+00:00",
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-41854",
"notes": [
{
"category": "description",
"text": "In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028364",
"67646",
"T027764",
"T030195"
]
},
"release_date": "2023-05-10T22:00:00.000+00:00",
"title": "CVE-2022-41854"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028364",
"67646",
"T027764",
"T030195"
]
},
"release_date": "2023-05-10T22:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2021-0341",
"notes": [
{
"category": "description",
"text": "In Red Hat Single Sign On existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028364",
"67646",
"T027764",
"T030195"
]
},
"release_date": "2023-05-10T22:00:00.000+00:00",
"title": "CVE-2021-0341"
}
]
}
WID-SEC-W-2023-1755
Vulnerability from csaf_certbund - Published: 2023-07-16 22:00 - Updated: 2023-07-16 22:00Summary
IBM InfoSphere Information Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "SnakeYAML", "netplex json-smart-v2", "VMware Tanzu Spring Framework" sowie "undertow" zurückzuführen. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server 11.7
IBM
|
cpe:/a:ibm:infosphere_information_server:11.7
|
— |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1755 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1755.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1755 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1755"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 7007051 vom 2023-07-16",
"url": "https://www.ibm.com/support/pages/node/7007051"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6988683 vom 2023-07-16",
"url": "https://www.ibm.com/support/pages/node/6988683"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6988679 vom 2023-07-16",
"url": "https://www.ibm.com/support/pages/node/6988679"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6988677 vom 2023-07-16",
"url": "https://www.ibm.com/support/pages/node/6988677"
}
],
"source_lang": "en-US",
"title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:36.670+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1755",
"initial_release_date": "2023-07-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM InfoSphere Information Server 11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2861",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-2861"
},
{
"cve": "CVE-2023-20861",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-20861"
},
{
"cve": "CVE-2023-20860",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-20860"
},
{
"cve": "CVE-2023-1370",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-1108",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2023-1108"
},
{
"cve": "CVE-2022-4492",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-4492"
},
{
"cve": "CVE-2022-41854",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-41854"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-38751",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38750",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38749",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-25857",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2022-1471",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-1259",
"notes": [
{
"category": "description",
"text": "In IBM InfoSphere Information Server existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"SnakeYAML\", \"netplex json-smart-v2\", \"VMware Tanzu Spring Framework\" sowie \"undertow\" zur\u00fcckzuf\u00fchren. Ein Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"444803"
]
},
"release_date": "2023-07-16T22:00:00.000+00:00",
"title": "CVE-2022-1259"
}
]
}
WID-SEC-W-2023-2679
Vulnerability from csaf_certbund - Published: 2023-10-17 22:00 - Updated: 2023-10-17 22:00Summary
Oracle Communications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications 23.2.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.0
|
— | |
|
Oracle Communications 23.2.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.1
|
— | |
|
Oracle Communications 4.1
Oracle / Communications
|
cpe:/a:oracle:communications:4.1
|
— | |
|
Oracle Communications 23.1.3
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.3
|
— | |
|
Oracle Communications 23.1.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.2
|
— | |
|
Oracle Communications 23.3.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.3.0
|
— | |
|
Oracle Communications 9.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.0.0
|
— | |
|
Oracle Communications 12.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:12.6.0.0
|
— | |
|
Oracle Communications 7.2.0.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.0.0.0
|
— | |
|
Oracle Communications 23.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0.0
|
— | |
|
Oracle Communications 9.1.1.6.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.6.0
|
— | |
|
Oracle Communications 7.2.1.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:7.2.1.0.0
|
— | |
|
Oracle Communications 3.3
Oracle / Communications
|
cpe:/a:oracle:communications:3.3
|
— | |
|
Oracle Communications 5.0
Oracle / Communications
|
cpe:/a:oracle:communications:5.0
|
— | |
|
Oracle Communications 23.1.1
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.1
|
— | |
|
Oracle Communications 23.1.0
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.0
|
— | |
|
Oracle Communications 4.0
Oracle / Communications
|
cpe:/a:oracle:communications:4.0
|
— | |
|
Oracle Communications 8.6.0.0
Oracle / Communications
|
cpe:/a:oracle:communications:8.6.0.0
|
— | |
|
Oracle Communications 5.1
Oracle / Communications
|
cpe:/a:oracle:communications:5.1
|
— | |
|
Oracle Communications 9.1.1.5.0
Oracle / Communications
|
cpe:/a:oracle:communications:9.1.1.5.0
|
— |
Last affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Communications <= 9.0.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.0.2
|
— | |
|
Oracle Communications <= 23.1.8
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.8
|
— | |
|
Oracle Communications <= 9.2
Oracle / Communications
|
cpe:/a:oracle:communications:9.2
|
— | |
|
Oracle Communications <= 23.2.4
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.4
|
— | |
|
Oracle Communications <= 23.2.2
Oracle / Communications
|
cpe:/a:oracle:communications:23.2.2
|
— | |
|
Oracle Communications <= 23.1.7
Oracle / Communications
|
cpe:/a:oracle:communications:23.1.7
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2679 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2679.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2679 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2679"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Communications vom 2023-10-17",
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixCGBU"
}
],
"source_lang": "en-US",
"title": "Oracle Communications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-17T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:00.988+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2679",
"initial_release_date": "2023-10-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Communications 3.3",
"product": {
"name": "Oracle Communications 3.3",
"product_id": "T020687",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:3.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 5.0",
"product": {
"name": "Oracle Communications 5.0",
"product_id": "T021645",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 8.6.0.0",
"product": {
"name": "Oracle Communications 8.6.0.0",
"product_id": "T024970",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:8.6.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.1.0",
"product": {
"name": "Oracle Communications 23.1.0",
"product_id": "T027326",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.1.1",
"product": {
"name": "Oracle Communications 23.1.1",
"product_id": "T027329",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 4.0",
"product": {
"name": "Oracle Communications 4.0",
"product_id": "T027337",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.1.2",
"product": {
"name": "Oracle Communications 23.1.2",
"product_id": "T028681",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.2.0",
"product": {
"name": "Oracle Communications 23.2.0",
"product_id": "T028682",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 5.1",
"product": {
"name": "Oracle Communications 5.1",
"product_id": "T028684",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:5.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 9.1.1.5.0",
"product": {
"name": "Oracle Communications 9.1.1.5.0",
"product_id": "T028685",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.1.1.5.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications \u003c= 23.1.7",
"product": {
"name": "Oracle Communications \u003c= 23.1.7",
"product_id": "T030582",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.7"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications \u003c= 23.2.2",
"product": {
"name": "Oracle Communications \u003c= 23.2.2",
"product_id": "T030583",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.1.3",
"product": {
"name": "Oracle Communications 23.1.3",
"product_id": "T030584",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.2.1",
"product": {
"name": "Oracle Communications 23.2.1",
"product_id": "T030585",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.3.0",
"product": {
"name": "Oracle Communications 23.3.0",
"product_id": "T030586",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications \u003c= 23.1.8",
"product": {
"name": "Oracle Communications \u003c= 23.1.8",
"product_id": "T030587",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.8"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications \u003c= 23.2.4",
"product": {
"name": "Oracle Communications \u003c= 23.2.4",
"product_id": "T030588",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.2.4"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 9.0.0.0",
"product": {
"name": "Oracle Communications 9.0.0.0",
"product_id": "T030589",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 12.6.0.0",
"product": {
"name": "Oracle Communications 12.6.0.0",
"product_id": "T030590",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:12.6.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 23.1.0.0",
"product": {
"name": "Oracle Communications 23.1.0.0",
"product_id": "T030591",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:23.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 7.2.0.0.0",
"product": {
"name": "Oracle Communications 7.2.0.0.0",
"product_id": "T030592",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:7.2.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 7.2.1.0.0",
"product": {
"name": "Oracle Communications 7.2.1.0.0",
"product_id": "T030593",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:7.2.1.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 9.1.1.6.0",
"product": {
"name": "Oracle Communications 9.1.1.6.0",
"product_id": "T030594",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.1.1.6.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications \u003c= 9.0.2",
"product": {
"name": "Oracle Communications \u003c= 9.0.2",
"product_id": "T030595",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.0.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications 4.1",
"product": {
"name": "Oracle Communications 4.1",
"product_id": "T030596",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:4.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Communications \u003c= 9.2",
"product": {
"name": "Oracle Communications \u003c= 9.2",
"product_id": "T030597",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:communications:9.2"
}
}
}
],
"category": "product_name",
"name": "Communications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-41080",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-4039",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-4039"
},
{
"cve": "CVE-2023-40167",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-40167"
},
{
"cve": "CVE-2023-38408",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-38408"
},
{
"cve": "CVE-2023-3824",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-3824"
},
{
"cve": "CVE-2023-3635",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-3635"
},
{
"cve": "CVE-2023-35788",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-35788"
},
{
"cve": "CVE-2023-34981",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-34981"
},
{
"cve": "CVE-2023-34462",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-34462"
},
{
"cve": "CVE-2023-34396",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-34396"
},
{
"cve": "CVE-2023-34034",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-34034"
},
{
"cve": "CVE-2023-33201",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-30861",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-30861"
},
{
"cve": "CVE-2023-2976",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-29491",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-29491"
},
{
"cve": "CVE-2023-28484",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-26604",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-26604"
},
{
"cve": "CVE-2023-26049",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-26049"
},
{
"cve": "CVE-2023-26048",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-26048"
},
{
"cve": "CVE-2023-2603",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-2603"
},
{
"cve": "CVE-2023-23931",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-23931"
},
{
"cve": "CVE-2023-2283",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-2283"
},
{
"cve": "CVE-2023-22083",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-22083"
},
{
"cve": "CVE-2023-20883",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-20883"
},
{
"cve": "CVE-2023-20863",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2023-0361",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2023-0361"
},
{
"cve": "CVE-2022-4899",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-4899"
},
{
"cve": "CVE-2022-45688",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-45688"
},
{
"cve": "CVE-2022-45061",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-45061"
},
{
"cve": "CVE-2022-4492",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-4492"
},
{
"cve": "CVE-2022-42920",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-42920"
},
{
"cve": "CVE-2022-40982",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2022-36944",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-36944"
},
{
"cve": "CVE-2022-25147",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-25147"
},
{
"cve": "CVE-2022-24834",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-24834"
},
{
"cve": "CVE-2022-24329",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2022-24329"
},
{
"cve": "CVE-2021-41945",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2021-41945"
},
{
"cve": "CVE-2021-37533",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2020-7760",
"notes": [
{
"category": "description",
"text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T028682",
"T030585",
"T030596",
"T030584",
"T028681",
"T030586",
"T030589",
"T030590",
"T030592",
"T030591",
"T030594",
"T030593",
"T020687",
"T021645",
"T027329",
"T027326",
"T027337",
"T024970",
"T028684",
"T028685"
],
"last_affected": [
"T030595",
"T030587",
"T030597",
"T030588",
"T030583",
"T030582"
]
},
"release_date": "2023-10-17T22:00:00.000+00:00",
"title": "CVE-2020-7760"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…