Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-46364 (GCVE-0-2022-46364)
Vulnerability from cvelistv5 – Published: 2022-12-13 16:20 – Updated: 2025-04-22 02:48
VLAI
EPSS
Title
Apache CXF SSRF Vulnerability
Summary
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cxf.apache.org/security-advisories.data/C… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 3.5.5
(custom)
Affected: 0 , < 3.4.10 (custom) |
Credits
thanat0s from Beijin Qihoo 360 adlab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T02:48:12.377210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T02:48:36.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "thanat0s from Beijin Qihoo 360 adlab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SSRF vulnerability in parsing the\u0026nbsp;href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u0026nbsp;"
}
],
"value": "A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T16:20:26.765Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF SSRF Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-46364",
"datePublished": "2022-12-13T16:20:26.765Z",
"dateReserved": "2022-12-02T08:07:46.894Z",
"dateUpdated": "2025-04-22T02:48:36.211Z",
"requesterUserId": "cf81350d-439c-4450-9d42-0a054bb6b6c9",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-46364",
"date": "2026-06-22",
"epss": "0.0193",
"percentile": "0.77363"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.4.10\", \"matchCriteriaId\": \"17B5E32D-A436-4C79-BEE9-6A2DB162DC66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.5.0\", \"versionEndExcluding\": \"3.5.5\", \"matchCriteriaId\": \"11EC4474-4CB6-47CD-9E3D-A998A3C7226C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A SSRF vulnerability in parsing the\\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\\u00a0\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad SSRF al analizar el atributo href de XOP: Incluir en solicitudes MTOM en versiones de Apache CXF anteriores a 3.5.5 y 3.4.10 permite a un atacante realizar ataques de estilo SSRF en servicios web que toman al menos un par\\u00e1metro de cualquier tipo.\"}]",
"id": "CVE-2022-46364",
"lastModified": "2024-11-21T07:30:28.037",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2022-12-13T17:15:17.587",
"references": "[{\"url\": \"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-46364\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-12-13T17:15:17.587\",\"lastModified\":\"2025-04-22T03:15:20.907\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad SSRF al analizar el atributo href de XOP: Incluir en solicitudes MTOM en versiones de Apache CXF anteriores a 3.5.5 y 3.4.10 permite a un atacante realizar ataques de estilo SSRF en servicios web que toman al menos un par\u00e1metro de cualquier tipo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4.10\",\"matchCriteriaId\":\"17B5E32D-A436-4C79-BEE9-6A2DB162DC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.5\",\"matchCriteriaId\":\"11EC4474-4CB6-47CD-9E3D-A998A3C7226C\"}]}]}],\"references\":[{\"url\":\"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:31:46.249Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-46364\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T02:48:12.377210Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T02:48:32.213Z\"}}], \"cna\": {\"title\": \"Apache CXF SSRF Vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"thanat0s from Beijin Qihoo 360 adlab\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache CXF\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.5.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.4.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A SSRF vulnerability in parsing the\\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\\u00a0\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A SSRF vulnerability in parsing the\u0026nbsp;href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u0026nbsp;\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2022-12-13T16:20:26.765Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-46364\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-22T02:48:36.211Z\", \"dateReserved\": \"2022-12-02T08:07:46.894Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2022-12-13T16:20:26.765Z\", \"requesterUserId\": \"cf81350d-439c-4450-9d42-0a054bb6b6c9\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2023_1049
Vulnerability from csaf_redhat - Published: 2023-03-01 21:58 - Updated: 2024-12-18 00:38Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* keycloak: missing email notification template allowlist (CVE-2022-1274)
* keycloak: minimist: prototype pollution (CVE-2021-44906)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* keycloak: reflected XSS attack (CVE-2022-4137)
* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
7.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
6.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.
6.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.
4.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
6.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.
CWE-20 - Improper Input ValidationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.
4.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Single Sign-On 7
Red Hat / Red Hat Single Sign-On
|
cpe:/a:redhat:red_hat_single_sign_on:7.6
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
185 references
Acknowledgments
usd AG
Marcus Nilsson
SISOFT s.c.
Grzegorz Tworek
NETAŞ PENTEST TEAM
Aytaç Kalıncı
Ilker Bulgurcu
Yasin Yılmaz
Trifork
Peter Flintholm
https://github.com/souravs17031999
Sourav Kumar
A1 Digital
Jordi Zayuelas i Muñoz
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1049",
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "2031904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2073157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
},
{
"category": "external",
"summary": "2097007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2117506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "2141404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2148496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496"
},
{
"category": "external",
"summary": "2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "2158585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585"
},
{
"category": "external",
"summary": "2160585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1049.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update",
"tracking": {
"current_release_date": "2024-12-18T00:38:25+00:00",
"generator": {
"date": "2024-12-18T00:38:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:1049",
"initial_release_date": "2023-03-01T21:58:17+00:00",
"revision_history": [
{
"date": "2023-03-01T21:58:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-01T21:58:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T00:38:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Single Sign-On 7",
"product": {
"name": "Red Hat Single Sign-On 7",
"product_id": "Red Hat Single Sign-On 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Single Sign-On"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-14040",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601614"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14040"
},
{
"category": "external",
"summary": "RHBZ#1601614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
},
{
"cve": "CVE-2018-14042",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2018-07-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601617"
}
],
"notes": [
{
"category": "description",
"text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14042"
},
{
"category": "external",
"summary": "RHBZ#1601617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
}
],
"release_date": "2018-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1701972"
}
],
"notes": [
{
"category": "description",
"text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-11358"
},
{
"category": "external",
"summary": "RHBZ#1701972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"category": "external",
"summary": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
}
],
"release_date": "2019-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2021-35065",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156324"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob-parent: Regular Expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-35065"
},
{
"category": "external",
"summary": "RHBZ#2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
"url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
}
],
"release_date": "2022-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glob-parent: Regular Expression Denial of Service"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"acknowledgments": [
{
"names": [
"Marcus Nilsson"
],
"organization": "usd AG"
}
],
"cve": "CVE-2022-1274",
"cwe": {
"id": "CWE-80",
"name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
},
"discovery_date": "2022-04-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073157"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: HTML injection in execute-actions-email Admin REST API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1274"
},
{
"category": "external",
"summary": "RHBZ#2073157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1274"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725"
}
],
"release_date": "2023-02-28T18:57:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: HTML injection in execute-actions-email Admin REST API"
},
{
"acknowledgments": [
{
"names": [
"Grzegorz Tworek"
],
"organization": "SISOFT s.c."
}
],
"cve": "CVE-2022-1438",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: XSS on impersonation under specific circumstances",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1438"
},
{
"category": "external",
"summary": "RHBZ#2031904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438"
}
],
"release_date": "2023-02-28T18:56:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: XSS on impersonation under specific circumstances"
},
{
"cve": "CVE-2022-1471",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150009"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1471"
},
{
"category": "external",
"summary": "RHBZ#2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"Ayta\u00e7 Kal\u0131nc\u0131",
"Ilker Bulgurcu",
"Yasin Y\u0131lmaz"
],
"organization": "NETA\u015e PENTEST TEAM"
}
],
"cve": "CVE-2022-2237",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2097007"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Adapter: Open redirect vulnerability in checkSSO",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2237"
},
{
"category": "external",
"summary": "RHBZ#2097007",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2237"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237"
}
],
"release_date": "2023-03-01T13:57:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Adapter: Open redirect vulnerability in checkSSO"
},
{
"cve": "CVE-2022-2764",
"discovery_date": "2022-08-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117506"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2764"
},
{
"category": "external",
"summary": "RHBZ#2117506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2764"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764"
}
],
"release_date": "2022-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations"
},
{
"cve": "CVE-2022-3782",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138971"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: path traversal via double URL encoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3782"
},
{
"category": "external",
"summary": "RHBZ#2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: path traversal via double URL encoding"
},
{
"acknowledgments": [
{
"names": [
"Peter Flintholm"
],
"organization": "Trifork"
}
],
"cve": "CVE-2022-3916",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2022-11-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2141404"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Session takeover with OIDC offline refreshtokens",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3916"
},
{
"category": "external",
"summary": "RHBZ#2141404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3916"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916"
}
],
"release_date": "2022-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Session takeover with OIDC offline refreshtokens"
},
{
"cve": "CVE-2022-4137",
"cwe": {
"id": "CWE-81",
"name": "Improper Neutralization of Script in an Error Message Web Page"
},
"discovery_date": "2022-11-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148496"
}
],
"notes": [
{
"category": "description",
"text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: reflected XSS attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4137"
},
{
"category": "external",
"summary": "RHBZ#2148496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137"
}
],
"release_date": "2023-03-01T13:56:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: reflected XSS attack"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"Red Hat Single Sign-On 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
},
{
"cve": "CVE-2022-37603",
"cwe": {
"id": "CWE-185",
"name": "Incorrect Regular Expression"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140597"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37603"
},
{
"category": "external",
"summary": "RHBZ#2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: Regular expression denial of service"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-38750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "RHBZ#2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
},
{
"cve": "CVE-2022-38751",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129709"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "RHBZ#2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"Red Hat Single Sign-On 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46175",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156263"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json5: Prototype Pollution in JSON5 via Parse Method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "RHBZ#2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
"url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
}
],
"release_date": "2022-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "json5: Prototype Pollution in JSON5 via Parse Method"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Sourav Kumar"
],
"organization": "https://github.com/souravs17031999",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-0091",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2158585"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Client Registration endpoint does not check token revocation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0091"
},
{
"category": "external",
"summary": "RHBZ#2158585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0091"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091"
},
{
"category": "external",
"summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg"
},
{
"category": "external",
"summary": "https://github.com/keycloak/security/issues/27",
"url": "https://github.com/keycloak/security/issues/27"
}
],
"release_date": "2022-10-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: Client Registration endpoint does not check token revocation"
},
{
"acknowledgments": [
{
"names": [
"Jordi Zayuelas i Mu\u00f1oz"
],
"organization": "A1 Digital",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-0264",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2023-01-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2160585"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: user impersonation via stolen uuid code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Single Sign-On 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0264"
},
{
"category": "external",
"summary": "RHBZ#2160585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0264"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264"
}
],
"release_date": "2023-02-28T18:58:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-01T21:58:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Single Sign-On 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Single Sign-On 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: user impersonation via stolen uuid code"
}
]
}
RHSA-2023_1285
Vulnerability from csaf_redhat - Published: 2023-03-16 07:57 - Updated: 2024-12-16 03:15Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update
Severity
Important
Notes
Topic: Migration Toolkit for Runtimes 1.0.2 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Migration Toolkit for Runtimes 1.0.2 ZIP artifacts
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Migration Toolkit for Runtimes 1 on RHEL 8
Red Hat / Migration Toolkit for Runtimes
|
cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Migration Toolkit for Runtimes 1.0.2 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Runtimes 1.0.2 ZIP artifacts\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1285",
"url": "https://access.redhat.com/errata/RHSA-2023:1285"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions"
},
{
"category": "external",
"summary": "2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2162200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1285.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-12-16T03:15:20+00:00",
"generator": {
"date": "2024-12-16T03:15:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:1285",
"initial_release_date": "2023-03-16T07:57:03+00:00",
"revision_history": [
{
"date": "2023-03-16T07:57:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-16T07:57:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T03:15:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product": {
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3782",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138971"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: path traversal via double URL encoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3782"
},
{
"category": "external",
"summary": "RHBZ#2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-16T07:57:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1285"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: path traversal via double URL encoding"
},
{
"cve": "CVE-2022-31690",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2023-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31690"
},
{
"category": "external",
"summary": "RHBZ#2162200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31690",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2022-31690",
"url": "https://spring.io/security/cve-2022-31690"
}
],
"release_date": "2022-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-16T07:57:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1285"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-16T07:57:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1285"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Migration Toolkit for Runtimes 1 on RHEL 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
RHSA-2023_1286
Vulnerability from csaf_redhat - Published: 2023-03-16 09:31 - Updated: 2024-12-17 22:56Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update
Severity
Important
Notes
Topic: Migration Toolkit for Runtimes 1.0.2 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Migration Toolkit for Runtimes 1.0.2 Images
Security Fix(es):
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.
8.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le | — |
Threats
Impact
Important
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le | — |
Threats
Impact
Important
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64 | — | ||
| Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le | — |
Threats
Impact
Important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Migration Toolkit for Runtimes 1.0.2 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Runtimes 1.0.2 Images\n\nSecurity Fix(es):\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1286",
"url": "https://access.redhat.com/errata/RHSA-2023:1286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2162200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1286.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-12-17T22:56:12+00:00",
"generator": {
"date": "2024-12-17T22:56:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:1286",
"initial_release_date": "2023-03-16T09:31:14+00:00",
"revision_history": [
{
"date": "2023-03-16T09:31:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-16T09:31:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:56:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product": {
"name": "Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Runtimes"
},
{
"branches": [
{
"category": "product_version",
"name": "mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"product": {
"name": "mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"product_id": "mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.0-37"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"product": {
"name": "mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"product_id": "mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.0-13"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le",
"product": {
"name": "mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le",
"product_id": "mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.0-22"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le",
"product": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le",
"product_id": "mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.0-21"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"product": {
"name": "mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"product_id": "mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.0-37"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"product": {
"name": "mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"product_id": "mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.0-13"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"product": {
"name": "mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"product_id": "mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.0-22"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"product": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"product_id": "mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.0-21"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"product": {
"name": "mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"product_id": "mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.0-37"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"product": {
"name": "mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"product_id": "mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.0-13"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"product": {
"name": "mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"product_id": "mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.0-22"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"product": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"product_id": "mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.0-21"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"product": {
"name": "mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"product_id": "mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.0-37"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"product": {
"name": "mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"product_id": "mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.0-13"
}
}
},
{
"category": "product_version",
"name": "mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"product": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"product_id": "mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.0-21"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64"
},
"product_reference": "mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x"
},
"product_reference": "mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le"
},
"product_reference": "mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64"
},
"product_reference": "mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le"
},
"product_reference": "mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x"
},
"product_reference": "mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64"
},
"product_reference": "mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64"
},
"product_reference": "mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64"
},
"product_reference": "mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x"
},
"product_reference": "mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le"
},
"product_reference": "mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x"
},
"product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64"
},
"product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64"
},
"product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"relates_to_product_reference": "8Base-MTR-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
"product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
},
"product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le",
"relates_to_product_reference": "8Base-MTR-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-31690",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2023-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le"
],
"known_not_affected": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31690"
},
{
"category": "external",
"summary": "RHBZ#2162200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31690",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2022-31690",
"url": "https://spring.io/security/cve-2022-31690"
}
],
"release_date": "2022-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-16T09:31:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1286"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le"
],
"known_not_affected": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-16T09:31:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1286"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le"
],
"known_not_affected": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-16T09:31:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1286"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:00a133578915e07a223f8c61015ad48d121d07ceb7a94639c9c696fa5bcfe99c_amd64",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:0641798f8d433adc4e12e402aa1777a8034a0c670fe2cfa12335f1e07a289a8d_s390x",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:21bb017f2e1df373f1534242a1ea109de2fac61d72da1a68824bf8b4e317e567_ppc64le",
"8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2422d9fa5d0855d037d4b6c30902a08455fa5abc5e71d21c60b1571d6205e61f_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3365d73032b1bdc61609c643cb88b594431ee13ddb107abc8af075d105204672_ppc64le",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:768db938fe00ee47f03aeae89fd1c6a787f0c016753feb34cba30c4eb74cab61_s390x",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:7b641bdf5cf25092f85b6968930c587798239727581d376dbf39aeb913cd5965_arm64",
"8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:837c280f4154c26ff73f2990ec6b2263825ef090319345276f4aee0965276c84_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6b9bd6697f4a84db25429f8ba1e13110bccb3d4b5c0c726f341ec47288f2f3c9_amd64",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9642fbf1b7ad9bf5a0cca7c9905d00dc57d0f89397a0f990025ad7848c830495_s390x",
"8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:ca075ce4c2061ae0c70dfca7376b9d9f016095b4a4d59c9af91dd42f6a2fc8a2_ppc64le",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:98ef1d7e8dd53c9f9ff491357f4bb29c22a8d777f646f4bec35d5799d4d4abb4_s390x",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b16e22796ed1319c330059f15daa827844a1d12d35bb2f2ffc8c2e35de388fe6_arm64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:ed14f2b7adeb8e5d111208c5882fd25412055dbdfb0173cc5a5309c83112e5a3_amd64",
"8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:fab2b8e08e484747d0409ca139551dc71783e08e7d6dfc6bce09df51a55023f7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
RHSA-2023_2041
Vulnerability from csaf_redhat - Published: 2023-04-27 00:48 - Updated: 2024-12-17 22:57Summary
Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Severity
Important
Notes
Topic: Migration Toolkit for Applications 6.1.0 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Migration Toolkit for Applications 6.1.0 Images
Security Fix(es):
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 | — |
Threats
Impact
Important
A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 | — |
Threats
Impact
Important
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 | — |
Threats
Impact
Important
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 | — |
Threats
Impact
Important
References
88 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Migration Toolkit for Applications 6.1.0 release\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Applications 6.1.0 Images\n\nSecurity Fix(es):\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2041",
"url": "https://access.redhat.com/errata/RHSA-2023:2041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2162200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "MTA-118",
"url": "https://issues.redhat.com/browse/MTA-118"
},
{
"category": "external",
"summary": "MTA-123",
"url": "https://issues.redhat.com/browse/MTA-123"
},
{
"category": "external",
"summary": "MTA-129",
"url": "https://issues.redhat.com/browse/MTA-129"
},
{
"category": "external",
"summary": "MTA-160",
"url": "https://issues.redhat.com/browse/MTA-160"
},
{
"category": "external",
"summary": "MTA-204",
"url": "https://issues.redhat.com/browse/MTA-204"
},
{
"category": "external",
"summary": "MTA-256",
"url": "https://issues.redhat.com/browse/MTA-256"
},
{
"category": "external",
"summary": "MTA-260",
"url": "https://issues.redhat.com/browse/MTA-260"
},
{
"category": "external",
"summary": "MTA-261",
"url": "https://issues.redhat.com/browse/MTA-261"
},
{
"category": "external",
"summary": "MTA-263",
"url": "https://issues.redhat.com/browse/MTA-263"
},
{
"category": "external",
"summary": "MTA-267",
"url": "https://issues.redhat.com/browse/MTA-267"
},
{
"category": "external",
"summary": "MTA-268",
"url": "https://issues.redhat.com/browse/MTA-268"
},
{
"category": "external",
"summary": "MTA-279",
"url": "https://issues.redhat.com/browse/MTA-279"
},
{
"category": "external",
"summary": "MTA-28",
"url": "https://issues.redhat.com/browse/MTA-28"
},
{
"category": "external",
"summary": "MTA-282",
"url": "https://issues.redhat.com/browse/MTA-282"
},
{
"category": "external",
"summary": "MTA-283",
"url": "https://issues.redhat.com/browse/MTA-283"
},
{
"category": "external",
"summary": "MTA-284",
"url": "https://issues.redhat.com/browse/MTA-284"
},
{
"category": "external",
"summary": "MTA-29",
"url": "https://issues.redhat.com/browse/MTA-29"
},
{
"category": "external",
"summary": "MTA-297",
"url": "https://issues.redhat.com/browse/MTA-297"
},
{
"category": "external",
"summary": "MTA-298",
"url": "https://issues.redhat.com/browse/MTA-298"
},
{
"category": "external",
"summary": "MTA-299",
"url": "https://issues.redhat.com/browse/MTA-299"
},
{
"category": "external",
"summary": "MTA-300",
"url": "https://issues.redhat.com/browse/MTA-300"
},
{
"category": "external",
"summary": "MTA-303",
"url": "https://issues.redhat.com/browse/MTA-303"
},
{
"category": "external",
"summary": "MTA-304",
"url": "https://issues.redhat.com/browse/MTA-304"
},
{
"category": "external",
"summary": "MTA-306",
"url": "https://issues.redhat.com/browse/MTA-306"
},
{
"category": "external",
"summary": "MTA-311",
"url": "https://issues.redhat.com/browse/MTA-311"
},
{
"category": "external",
"summary": "MTA-314",
"url": "https://issues.redhat.com/browse/MTA-314"
},
{
"category": "external",
"summary": "MTA-330",
"url": "https://issues.redhat.com/browse/MTA-330"
},
{
"category": "external",
"summary": "MTA-332",
"url": "https://issues.redhat.com/browse/MTA-332"
},
{
"category": "external",
"summary": "MTA-34",
"url": "https://issues.redhat.com/browse/MTA-34"
},
{
"category": "external",
"summary": "MTA-345",
"url": "https://issues.redhat.com/browse/MTA-345"
},
{
"category": "external",
"summary": "MTA-35",
"url": "https://issues.redhat.com/browse/MTA-35"
},
{
"category": "external",
"summary": "MTA-350",
"url": "https://issues.redhat.com/browse/MTA-350"
},
{
"category": "external",
"summary": "MTA-351",
"url": "https://issues.redhat.com/browse/MTA-351"
},
{
"category": "external",
"summary": "MTA-356",
"url": "https://issues.redhat.com/browse/MTA-356"
},
{
"category": "external",
"summary": "MTA-363",
"url": "https://issues.redhat.com/browse/MTA-363"
},
{
"category": "external",
"summary": "MTA-364",
"url": "https://issues.redhat.com/browse/MTA-364"
},
{
"category": "external",
"summary": "MTA-366",
"url": "https://issues.redhat.com/browse/MTA-366"
},
{
"category": "external",
"summary": "MTA-367",
"url": "https://issues.redhat.com/browse/MTA-367"
},
{
"category": "external",
"summary": "MTA-369",
"url": "https://issues.redhat.com/browse/MTA-369"
},
{
"category": "external",
"summary": "MTA-375",
"url": "https://issues.redhat.com/browse/MTA-375"
},
{
"category": "external",
"summary": "MTA-377",
"url": "https://issues.redhat.com/browse/MTA-377"
},
{
"category": "external",
"summary": "MTA-378",
"url": "https://issues.redhat.com/browse/MTA-378"
},
{
"category": "external",
"summary": "MTA-38",
"url": "https://issues.redhat.com/browse/MTA-38"
},
{
"category": "external",
"summary": "MTA-381",
"url": "https://issues.redhat.com/browse/MTA-381"
},
{
"category": "external",
"summary": "MTA-382",
"url": "https://issues.redhat.com/browse/MTA-382"
},
{
"category": "external",
"summary": "MTA-388",
"url": "https://issues.redhat.com/browse/MTA-388"
},
{
"category": "external",
"summary": "MTA-389",
"url": "https://issues.redhat.com/browse/MTA-389"
},
{
"category": "external",
"summary": "MTA-391",
"url": "https://issues.redhat.com/browse/MTA-391"
},
{
"category": "external",
"summary": "MTA-392",
"url": "https://issues.redhat.com/browse/MTA-392"
},
{
"category": "external",
"summary": "MTA-41",
"url": "https://issues.redhat.com/browse/MTA-41"
},
{
"category": "external",
"summary": "MTA-412",
"url": "https://issues.redhat.com/browse/MTA-412"
},
{
"category": "external",
"summary": "MTA-428",
"url": "https://issues.redhat.com/browse/MTA-428"
},
{
"category": "external",
"summary": "MTA-430",
"url": "https://issues.redhat.com/browse/MTA-430"
},
{
"category": "external",
"summary": "MTA-438",
"url": "https://issues.redhat.com/browse/MTA-438"
},
{
"category": "external",
"summary": "MTA-439",
"url": "https://issues.redhat.com/browse/MTA-439"
},
{
"category": "external",
"summary": "MTA-443",
"url": "https://issues.redhat.com/browse/MTA-443"
},
{
"category": "external",
"summary": "MTA-50",
"url": "https://issues.redhat.com/browse/MTA-50"
},
{
"category": "external",
"summary": "MTA-51",
"url": "https://issues.redhat.com/browse/MTA-51"
},
{
"category": "external",
"summary": "MTA-52",
"url": "https://issues.redhat.com/browse/MTA-52"
},
{
"category": "external",
"summary": "MTA-55",
"url": "https://issues.redhat.com/browse/MTA-55"
},
{
"category": "external",
"summary": "MTA-78",
"url": "https://issues.redhat.com/browse/MTA-78"
},
{
"category": "external",
"summary": "MTA-99",
"url": "https://issues.redhat.com/browse/MTA-99"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2041.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update",
"tracking": {
"current_release_date": "2024-12-17T22:57:12+00:00",
"generator": {
"date": "2024-12-17T22:57:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:2041",
"initial_release_date": "2023-04-27T00:48:48+00:00",
"revision_history": [
{
"date": "2023-04-27T00:48:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-04-27T00:48:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:57:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MTA 6.1 for RHEL 8",
"product": {
"name": "MTA 6.1 for RHEL 8",
"product_id": "8Base-MTA-6.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_applications:6.1::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Applications"
},
{
"branches": [
{
"category": "product_version",
"name": "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"product": {
"name": "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"product_id": "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel8\u0026tag=6.1.0-10"
}
}
},
{
"category": "product_version",
"name": "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"product": {
"name": "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"product_id": "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-operator-bundle\u0026tag=6.1.0-16"
}
}
},
{
"category": "product_version",
"name": "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"product": {
"name": "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"product_id": "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-rhel8-operator\u0026tag=6.1.0-11"
}
}
},
{
"category": "product_version",
"name": "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"product": {
"name": "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"product_id": "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-pathfinder-rhel8\u0026tag=6.1.0-7"
}
}
},
{
"category": "product_version",
"name": "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64",
"product": {
"name": "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64",
"product_id": "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel8\u0026tag=6.1.0-13"
}
}
},
{
"category": "product_version",
"name": "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64",
"product": {
"name": "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64",
"product_id": "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-addon-rhel8\u0026tag=6.1.0-11"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64 as a component of MTA 6.1 for RHEL 8",
"product_id": "8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64"
},
"product_reference": "mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"relates_to_product_reference": "8Base-MTA-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64 as a component of MTA 6.1 for RHEL 8",
"product_id": "8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64"
},
"product_reference": "mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"relates_to_product_reference": "8Base-MTA-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64 as a component of MTA 6.1 for RHEL 8",
"product_id": "8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64"
},
"product_reference": "mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"relates_to_product_reference": "8Base-MTA-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64 as a component of MTA 6.1 for RHEL 8",
"product_id": "8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64"
},
"product_reference": "mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"relates_to_product_reference": "8Base-MTA-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64 as a component of MTA 6.1 for RHEL 8",
"product_id": "8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
},
"product_reference": "mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64",
"relates_to_product_reference": "8Base-MTA-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64 as a component of MTA 6.1 for RHEL 8",
"product_id": "8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
},
"product_reference": "mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64",
"relates_to_product_reference": "8Base-MTA-6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3782",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-10-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138971"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: path traversal via double URL encoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
],
"known_not_affected": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3782"
},
{
"category": "external",
"summary": "RHBZ#2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-27T00:48:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64",
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: path traversal via double URL encoding"
},
{
"cve": "CVE-2022-31690",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2023-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
],
"known_not_affected": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31690"
},
{
"category": "external",
"summary": "RHBZ#2162200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31690",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31690"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2022-31690",
"url": "https://spring.io/security/cve-2022-31690"
}
],
"release_date": "2022-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-27T00:48:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64",
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
],
"known_not_affected": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-27T00:48:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64",
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
],
"known_not_affected": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-27T00:48:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2041"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.1:mta/mta-hub-rhel8@sha256:c99e9df8b290935990e627a1ebe56da81dde49573aabb5a3c9133589f8f5b166_amd64",
"8Base-MTA-6.1:mta/mta-operator-bundle@sha256:eb99432ed3e453011e00bff4f6bc71b4347842e652335cc14d03ea4c96214c35_amd64",
"8Base-MTA-6.1:mta/mta-pathfinder-rhel8@sha256:8e2f586345d6b7e1c2e6d31b8e24965c38aa1640cbec0fb564deb2b2792c2c46_amd64",
"8Base-MTA-6.1:mta/mta-rhel8-operator@sha256:aa8087d3d9fa8123d2f925d6ddb3f7e3bde2c72ab02946cbe4d779f3450a8e09_amd64",
"8Base-MTA-6.1:mta/mta-ui-rhel8@sha256:24a3853bfc2cb9d37aa0a58e9c20224b3f9af91b8f55fbb0fe307294ad522685_amd64",
"8Base-MTA-6.1:mta/mta-windup-addon-rhel8@sha256:4268ab203ca9fd8ae3919dc80dbf31d2ce8591f2df55d6e5f4a12ead716a0cc0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
}
]
}
RHSA-2023_2135
Vulnerability from csaf_redhat - Published: 2023-05-04 15:59 - Updated: 2024-12-16 16:07Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHPAM 7.13.1 async
Red Hat / Red Hat Process Automation Manager
|
cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
64 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n\n* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* commons-text: apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2135",
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2135.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.3 security update",
"tracking": {
"current_release_date": "2024-12-16T16:07:46+00:00",
"generator": {
"date": "2024-12-16T16:07:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:2135",
"initial_release_date": "2023-05-04T15:59:31+00:00",
"revision_history": [
{
"date": "2023-05-04T15:59:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-04T15:59:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T16:07:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHPAM 7.13.1 async",
"product": {
"name": "RHPAM 7.13.1 async",
"product_id": "RHPAM 7.13.1 async",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat Process Automation Manager"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3782",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2138971"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: path traversal via double URL encoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3782"
},
{
"category": "external",
"summary": "RHBZ#2138971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3782"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: path traversal via double URL encoding"
},
{
"cve": "CVE-2022-4244",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149841"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codehaus-plexus: Directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Single Sign-On uses this package for testing purposes and is not delivered with the distribution. Hence not affected status.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4244"
},
{
"category": "external",
"summary": "RHBZ#2149841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149841"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4244"
}
],
"release_date": "2022-12-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codehaus-plexus: Directory Traversal"
},
{
"cve": "CVE-2022-4245",
"cwe": {
"id": "CWE-91",
"name": "XML Injection (aka Blind XPath Injection)"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2149843"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --\u003e sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codehaus-plexus: XML External Entity (XXE) Injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4245"
},
{
"category": "external",
"summary": "RHBZ#2149843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149843"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4245"
}
],
"release_date": "2022-12-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codehaus-plexus: XML External Entity (XXE) Injection"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"RHPAM 7.13.1 async"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHPAM 7.13.1 async"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-04T15:59:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHPAM 7.13.1 async"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHPAM 7.13.1 async"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
}
]
}
RHSA-2023_3641
Vulnerability from csaf_redhat - Published: 2023-06-15 15:23 - Updated: 2024-12-16 16:23Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Severity
Important
Notes
Topic: Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.
Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)
* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)
* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHINT Camel-Springboot 3.18.3.P2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:camel_spring_boot:3.18
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
94 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available.\n\nRed Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Camel for Spring Boot 3.18.3.P2 serves as a replacement for Camel for Spring Boot 3.18.3.P1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3641",
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q2"
},
{
"category": "external",
"summary": "2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3641.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release",
"tracking": {
"current_release_date": "2024-12-16T16:23:30+00:00",
"generator": {
"date": "2024-12-16T16:23:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:3641",
"initial_release_date": "2023-06-15T15:23:47+00:00",
"revision_history": [
{
"date": "2023-06-15T15:23:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T15:23:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-16T16:23:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHINT Camel-Springboot 3.18.3.P2",
"product": {
"name": "RHINT Camel-Springboot 3.18.3.P2",
"product_id": "RHINT Camel-Springboot 3.18.3.P2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:camel_spring_boot:3.18"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25857"
},
{
"category": "external",
"summary": "RHBZ#2126789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
}
],
"release_date": "2022-08-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
},
{
"cve": "CVE-2022-38749",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129706"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38749"
},
{
"category": "external",
"summary": "RHBZ#2129706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
},
{
"cve": "CVE-2022-38750",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129707"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38750"
},
{
"category": "external",
"summary": "RHBZ#2129707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
},
{
"cve": "CVE-2022-38751",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129709"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38751"
},
{
"category": "external",
"summary": "RHBZ#2129709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
},
{
"cve": "CVE-2022-38752",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2129710"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38752"
},
{
"category": "external",
"summary": "RHBZ#2129710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
}
],
"release_date": "2022-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode"
},
{
"cve": "CVE-2022-40152",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40152"
},
{
"category": "external",
"summary": "RHBZ#2134291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4",
"url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-40156",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134288"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40156"
},
{
"category": "external",
"summary": "RHBZ#2134288",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134288"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40156"
}
],
"release_date": "2022-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-20883",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHINT Camel-Springboot 3.18.3.P2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20883"
},
{
"category": "external",
"summary": "RHBZ#2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883"
}
],
"release_date": "2023-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T15:23:47+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"RHINT Camel-Springboot 3.18.3.P2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHINT Camel-Springboot 3.18.3.P2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability"
}
]
}
RHSA-2023_3954
Vulnerability from csaf_redhat - Published: 2023-06-29 20:07 - Updated: 2024-12-17 22:56Summary
Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update
Severity
Critical
Notes
Topic: A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
* hazelcast: Hazelcast connection caching (CVE-2022-36437)
* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)
* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)
* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* batik: Server-Side Request Forgery (CVE-2022-38398)
* batik: Server-Side Request Forgery (CVE-2022-38648)
* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)
* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)
* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)
* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)
* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)
* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* tomcat: JsonErrorReportValve injection (CVE-2022-45143)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Critical
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Fuse 7.12
Red Hat / Red Hat JBoss Fuse
|
cpe:/a:redhat:jboss_fuse:7
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
167 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hazelcast: Hazelcast connection caching (CVE-2022-36437)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)\n\n* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* tomcat: JsonErrorReportValve injection (CVE-2022-45143)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3954",
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.12.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.12.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/"
},
{
"category": "external",
"summary": "873317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873317"
},
{
"category": "external",
"summary": "1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "2144970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144970"
},
{
"category": "external",
"summary": "2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "2153399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153399"
},
{
"category": "external",
"summary": "2155291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
},
{
"category": "external",
"summary": "2155292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
},
{
"category": "external",
"summary": "2155295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
},
{
"category": "external",
"summary": "2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2158695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158695"
},
{
"category": "external",
"summary": "2162053",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162053"
},
{
"category": "external",
"summary": "2162206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162206"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "2182182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
},
{
"category": "external",
"summary": "2182183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
},
{
"category": "external",
"summary": "2182198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "ENTESB-20598",
"url": "https://issues.redhat.com/browse/ENTESB-20598"
},
{
"category": "external",
"summary": "ENTESB-21418",
"url": "https://issues.redhat.com/browse/ENTESB-21418"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3954.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update",
"tracking": {
"current_release_date": "2024-12-17T22:56:32+00:00",
"generator": {
"date": "2024-12-17T22:56:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:3954",
"initial_release_date": "2023-06-29T20:07:23+00:00",
"revision_history": [
{
"date": "2023-06-29T20:07:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-29T20:07:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:56:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Fuse 7.12",
"product": {
"name": "Red Hat Fuse 7.12",
"product_id": "Red Hat Fuse 7.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-5783",
"discovery_date": "2012-11-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "873317"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-5783"
},
{
"category": "external",
"summary": "RHBZ#873317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873317"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-5783",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5783"
}
],
"release_date": "2012-10-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name"
},
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2020-10-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1886587"
}
],
"notes": [
{
"category": "description",
"text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-httpclient: incorrect handling of malformed authority component in request URIs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13956"
},
{
"category": "external",
"summary": "RHBZ#1886587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4",
"url": "https://www.openwall.com/lists/oss-security/2020/10/08/4"
}
],
"release_date": "2020-10-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-httpclient: incorrect handling of malformed authority component in request URIs"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2022-24785",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072009"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Moment.js: Path traversal in moment.locale",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24785"
},
{
"category": "external",
"summary": "RHBZ#2072009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
"url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
}
],
"release_date": "2022-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
},
{
"category": "workaround",
"details": "Sanitize the user-provided locale name before passing it to Moment.js.",
"product_ids": [
"Red Hat Fuse 7.12"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Moment.js: Path traversal in moment.locale"
},
{
"cve": "CVE-2022-31692",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2023-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162206"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31692"
},
{
"category": "external",
"summary": "RHBZ#2162206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31692"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2022-31692",
"url": "https://spring.io/security/cve-2022-31692"
}
],
"release_date": "2022-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security"
},
{
"cve": "CVE-2022-36437",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2023-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162053"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hazelcast: Hazelcast connection caching",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration - Camel Quarkus Extensions: Hazelcast is contained in camel-quarkus-hazelcast but it does not affect any supported component. This package is community support only. Hence the low impact for Camel Quarkus Extension.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-36437"
},
{
"category": "external",
"summary": "RHBZ#2162053",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162053"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-36437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36437"
},
{
"category": "external",
"summary": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp",
"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp"
}
],
"release_date": "2022-12-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "hazelcast: Hazelcast connection caching"
},
{
"cve": "CVE-2022-38398",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155292"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38398"
},
{
"category": "external",
"summary": "RHBZ#2155292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1331",
"url": "https://issues.apache.org/jira/browse/BATIK-1331"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx",
"url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery"
},
{
"cve": "CVE-2022-38648",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155295"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38648"
},
{
"category": "external",
"summary": "RHBZ#2155295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1333",
"url": "https://issues.apache.org/jira/browse/BATIK-1333"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b",
"url": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery"
},
{
"cve": "CVE-2022-40146",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155291"
}
],
"notes": [
{
"category": "description",
"text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Server-Side Request Forgery (SSRF) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40146"
},
{
"category": "external",
"summary": "RHBZ#2155291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146"
},
{
"category": "external",
"summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/BATIK-1335",
"url": "https://issues.apache.org/jira/browse/BATIK-1335"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx",
"url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
}
],
"release_date": "2022-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Server-Side Request Forgery (SSRF) vulnerability"
},
{
"cve": "CVE-2022-41704",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Batik.\u00a0This issue may allow a malicious user to run untrusted Java code from an SVG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41704"
},
{
"category": "external",
"summary": "RHBZ#2182182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704"
}
],
"release_date": "2022-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG"
},
{
"cve": "CVE-2022-41854",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151988"
}
],
"notes": [
{
"category": "description",
"text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dev-java/snakeyaml: DoS via stack overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41854"
},
{
"category": "external",
"summary": "RHBZ#2151988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"category": "external",
"summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
}
],
"release_date": "2022-11-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dev-java/snakeyaml: DoS via stack overflow"
},
{
"cve": "CVE-2022-41881",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41881"
},
{
"category": "external",
"summary": "RHBZ#2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
},
{
"cve": "CVE-2022-41940",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2022-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2144970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "engine.io: Specially crafted HTTP request can trigger an uncaught exception",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41940"
},
{
"category": "external",
"summary": "RHBZ#2144970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41940",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41940"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41940",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41940"
}
],
"release_date": "2022-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "engine.io: Specially crafted HTTP request can trigger an uncaught exception"
},
{
"cve": "CVE-2022-41946",
"cwe": {
"id": "CWE-377",
"name": "Insecure Temporary File"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153399"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a PostgreSQL JDBC Driver for Hibernate ORM framework, which is embeds into Candlepin. Although Candlepin itself doesn\u0027t make direct use of the PreparedStatement methods from the PostgreSQL JDBC Driver, Hibernate ORM does utilize these methods, potentially making framework affected. Satellite server operating in an environment with untrusted users while the driver is running are vulnerable to the flaw, however, deployments without untrusted users are considered safe. A future Satellite update should address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41946"
},
{
"category": "external",
"summary": "RHBZ#2153399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41946",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41946"
}
],
"release_date": "2022-11-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182183"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "batik: Untrusted code execution in Apache XML Graphics Batik",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42890"
},
{
"category": "external",
"summary": "RHBZ#2182183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
}
],
"release_date": "2022-10-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "batik: Untrusted code execution in Apache XML Graphics Batik"
},
{
"cve": "CVE-2022-42920",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2142707"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42920"
},
{
"category": "external",
"summary": "RHBZ#2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
"url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
},
{
"cve": "CVE-2022-45143",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2023-01-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2158695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: JsonErrorReportValve injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although it may be rated as CVSS 7.5, it\u0027s still considered a low impact flaw as according to the advisory report from Apache, user controlled data may occur in specific cases only and may alter some specific fields only.\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45143"
},
{
"category": "external",
"summary": "RHBZ#2158695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45143"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj",
"url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj"
}
],
"release_date": "2023-01-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: JsonErrorReportValve injection"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-20861",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Spring Expression DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20861"
},
{
"category": "external",
"summary": "RHBZ#2180530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: Spring Expression DoS Vulnerability"
},
{
"cve": "CVE-2023-20883",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-05-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20883"
},
{
"category": "external",
"summary": "RHBZ#2209342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883"
}
],
"release_date": "2023-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability"
},
{
"cve": "CVE-2023-22602",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"discovery_date": "2023-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182198"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shiro: Authentication bypass through a specially crafted HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-22602"
},
{
"category": "external",
"summary": "RHBZ#2182198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-22602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602"
}
],
"release_date": "2023-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "shiro: Authentication bypass through a specially crafted HTTP request"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2215465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Fuse 7.12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-33201"
},
{
"category": "external",
"summary": "RHBZ#2215465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
}
],
"release_date": "2023-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-29T20:07:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Fuse 7.12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3954"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Fuse 7.12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate"
}
]
}
RHSA-2024:10207
Vulnerability from csaf_redhat - Published: 2024-11-25 00:12 - Updated: 2026-06-10 08:36Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)
* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)
* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.
9.8 (Critical)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.
8.8 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.
8.8 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.
9.8 (Critical)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.
7.4 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
References
91 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)\n\n* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10207",
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "2031667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
},
{
"category": "external",
"summary": "2041959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959"
},
{
"category": "external",
"summary": "2041967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967"
},
{
"category": "external",
"summary": "2044596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596"
},
{
"category": "external",
"summary": "2108554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554"
},
{
"category": "external",
"summary": "2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "2213639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
},
{
"category": "external",
"summary": "2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "JBEAP-23025",
"url": "https://issues.redhat.com/browse/JBEAP-23025"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10207.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update",
"tracking": {
"current_release_date": "2026-06-10T08:36:57+00:00",
"generator": {
"date": "2026-06-10T08:36:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2024:10207",
"initial_release_date": "2024-11-25T00:12:17+00:00",
"revision_history": [
{
"date": "2024-11-25T00:12:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-25T00:12:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T08:36:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"product_id": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"product": {
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"product_id": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"product_id": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"product_id": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src"
},
"product_reference": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3859",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2021-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2010378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: client side invocation timeout raised when calling over HTTP2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3859"
},
{
"category": "external",
"summary": "RHBZ#2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: client side invocation timeout raised when calling over HTTP2"
},
{
"cve": "CVE-2021-4104",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031667"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4104"
},
{
"category": "external",
"summary": "RHBZ#2031667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
},
{
"category": "external",
"summary": "RHSB-2021-009",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx",
"url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1",
"url": "https://www.openwall.com/lists/oss-security/2021/12/13/1"
}
],
"release_date": "2021-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender"
},
{
"cve": "CVE-2022-23221",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Loading of custom classes from remote servers through JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23221"
},
{
"category": "external",
"summary": "RHBZ#2044596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x",
"url": "https://github.com/advisories/GHSA-45hx-wfhj-473x"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "h2: Loading of custom classes from remote servers through JNDI"
},
{
"cve": "CVE-2022-23305",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23305"
},
{
"category": "external",
"summary": "RHBZ#2041959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4",
"url": "https://www.openwall.com/lists/oss-security/2022/01/18/4"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender"
},
{
"cve": "CVE-2022-23307",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041967"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23307"
},
{
"category": "external",
"summary": "RHBZ#2041967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5",
"url": "https://www.openwall.com/lists/oss-security/2022/01/18/5"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"discovery_date": "2022-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2108554"
}
],
"notes": [
{
"category": "description",
"text": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34169"
},
{
"category": "external",
"summary": "RHBZ#2108554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
}
],
"release_date": "2022-07-19T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)"
},
{
"cve": "CVE-2022-41853",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hsqldb: Untrusted input may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41853"
},
{
"category": "external",
"summary": "RHBZ#2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853"
},
{
"category": "external",
"summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682",
"url": "https://github.com/advisories/GHSA-77xx-rxvh-q682"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hsqldb: Untrusted input may lead to RCE attack"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"cve": "CVE-2023-3171",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2213639"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eap-7: heap exhaustion via deserialization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3171"
},
{
"category": "external",
"summary": "RHBZ#2213639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171"
}
],
"release_date": "2023-10-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eap-7: heap exhaustion via deserialization"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5685"
},
{
"category": "external",
"summary": "RHBZ#2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
},
{
"cve": "CVE-2023-26464",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j1-socketappender: DoS via hashmap logging",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26464"
},
{
"category": "external",
"summary": "RHBZ#2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
},
{
"category": "external",
"summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464",
"url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464"
}
],
"release_date": "2023-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j1-socketappender: DoS via hashmap logging"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270732"
}
],
"notes": [
{
"category": "description",
"text": "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28752"
},
{
"category": "external",
"summary": "RHBZ#2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qmgx-j96g-4428",
"url": "https://github.com/advisories/GHSA-qmgx-j96g-4428"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
RHSA-2024:10208
Vulnerability from csaf_redhat - Published: 2024-11-25 00:12 - Updated: 2026-06-10 08:36Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)
* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.
9.8 (Critical)
Affected products
Fixed
2 products
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Threats
Impact
Important
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.
9.8 (Critical)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Threats
Impact
Important
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.
7.4 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
References
75 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10208",
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "1796225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225"
},
{
"category": "external",
"summary": "1912881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881"
},
{
"category": "external",
"summary": "2044596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596"
},
{
"category": "external",
"summary": "2108554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554"
},
{
"category": "external",
"summary": "2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "2213639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
},
{
"category": "external",
"summary": "2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "JBEAP-27708",
"url": "https://issues.redhat.com/browse/JBEAP-27708"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10208.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-06-10T08:36:57+00:00",
"generator": {
"date": "2026-06-10T08:36:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2024:10208",
"initial_release_date": "2024-11-25T00:12:13+00:00",
"revision_history": [
{
"date": "2024-11-25T00:12:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-25T00:12:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-10T08:36:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"product": {
"name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"product_id": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src",
"product": {
"name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src",
"product_id": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"product": {
"name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"product": {
"name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"product_id": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"product": {
"name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"product_id": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"product": {
"name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"product_id": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product": {
"name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product": {
"name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product_id": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product": {
"name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product_id": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product": {
"name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product_id": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"product": {
"name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"product_id": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch"
},
"product_reference": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src"
},
"product_reference": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch"
},
"product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src"
},
"product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch"
},
"product_reference": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch"
},
"product_reference": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch"
},
"product_reference": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch"
},
"product_reference": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src"
},
"product_reference": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch"
},
"product_reference": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
},
"product_reference": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7238",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2020-01-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1796225"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7238"
},
{
"category": "external",
"summary": "RHBZ#1796225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238"
},
{
"category": "external",
"summary": "https://netty.io/news/2019/12/18/4-1-44-Final.html",
"url": "https://netty.io/news/2019/12/18/4-1-44-Final.html"
}
],
"release_date": "2020-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
},
{
"category": "workaround",
"details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling"
},
{
"cve": "CVE-2020-28052",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2021-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1912881"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28052"
},
{
"category": "external",
"summary": "RHBZ#1912881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28052"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052"
}
],
"release_date": "2020-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
},
{
"category": "workaround",
"details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible"
},
{
"cve": "CVE-2022-23221",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Loading of custom classes from remote servers through JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23221"
},
{
"category": "external",
"summary": "RHBZ#2044596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x",
"url": "https://github.com/advisories/GHSA-45hx-wfhj-473x"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "h2: Loading of custom classes from remote servers through JNDI"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"discovery_date": "2022-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2108554"
}
],
"notes": [
{
"category": "description",
"text": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34169"
},
{
"category": "external",
"summary": "RHBZ#2108554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
}
],
"release_date": "2022-07-19T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)"
},
{
"cve": "CVE-2022-41853",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hsqldb: Untrusted input may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41853"
},
{
"category": "external",
"summary": "RHBZ#2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853"
},
{
"category": "external",
"summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682",
"url": "https://github.com/advisories/GHSA-77xx-rxvh-q682"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
},
{
"category": "workaround",
"details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hsqldb: Untrusted input may lead to RCE attack"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"cve": "CVE-2023-3171",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2213639"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eap-7: heap exhaustion via deserialization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3171"
},
{
"category": "external",
"summary": "RHBZ#2213639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171"
}
],
"release_date": "2023-10-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eap-7: heap exhaustion via deserialization"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5685"
},
{
"category": "external",
"summary": "RHBZ#2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
},
{
"cve": "CVE-2023-26464",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j1-socketappender: DoS via hashmap logging",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26464"
},
{
"category": "external",
"summary": "RHBZ#2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
},
{
"category": "external",
"summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464",
"url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464"
}
],
"release_date": "2023-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j1-socketappender: DoS via hashmap logging"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270732"
}
],
"notes": [
{
"category": "description",
"text": "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28752"
},
{
"category": "external",
"summary": "RHBZ#2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qmgx-j96g-4428",
"url": "https://github.com/advisories/GHSA-qmgx-j96g-4428"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:13+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10208"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
RHSA-2024_10207
Vulnerability from csaf_redhat - Published: 2024-11-25 00:12 - Updated: 2024-12-17 23:06Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)
* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)
* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.
9.8 (Critical)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.
8.8 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.
8.8 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.
9.8 (Critical)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
9.8 (Critical)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.
7.5 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.
7.4 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.
8.8 (High)
Affected products
Fixed
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
References
93 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)\n\n* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10207",
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "2031667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
},
{
"category": "external",
"summary": "2041959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959"
},
{
"category": "external",
"summary": "2041967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967"
},
{
"category": "external",
"summary": "2044596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596"
},
{
"category": "external",
"summary": "2108554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554"
},
{
"category": "external",
"summary": "2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "2213639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
},
{
"category": "external",
"summary": "2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "JBEAP-23025",
"url": "https://issues.redhat.com/browse/JBEAP-23025"
},
{
"category": "external",
"summary": "JBEAP-28084",
"url": "https://issues.redhat.com/browse/JBEAP-28084"
},
{
"category": "external",
"summary": "JBEAP-28089",
"url": "https://issues.redhat.com/browse/JBEAP-28089"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10207.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update",
"tracking": {
"current_release_date": "2024-12-17T23:06:37+00:00",
"generator": {
"date": "2024-12-17T23:06:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:10207",
"initial_release_date": "2024-11-25T00:12:17+00:00",
"revision_history": [
{
"date": "2024-11-25T00:12:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-25T00:12:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T23:06:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"product_id": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"product": {
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"product_id": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"product_id": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"product_id": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"product": {
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"product_id": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch"
},
"product_reference": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src"
},
"product_reference": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3859",
"cwe": {
"id": "CWE-214",
"name": "Invocation of Process Using Visible Sensitive Information"
},
"discovery_date": "2021-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2010378"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: client side invocation timeout raised when calling over HTTP2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3859"
},
{
"category": "external",
"summary": "RHBZ#2010378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859"
}
],
"release_date": "2022-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: client side invocation timeout raised when calling over HTTP2"
},
{
"cve": "CVE-2021-4104",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2031667"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4104"
},
{
"category": "external",
"summary": "RHBZ#2031667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667"
},
{
"category": "external",
"summary": "RHSB-2021-009",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx",
"url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1",
"url": "https://www.openwall.com/lists/oss-security/2021/12/13/1"
}
],
"release_date": "2021-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender"
},
{
"cve": "CVE-2022-23221",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Loading of custom classes from remote servers through JNDI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23221"
},
{
"category": "external",
"summary": "RHBZ#2044596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x",
"url": "https://github.com/advisories/GHSA-45hx-wfhj-473x"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "h2: Loading of custom classes from remote servers through JNDI"
},
{
"cve": "CVE-2022-23305",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2022-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23305"
},
{
"category": "external",
"summary": "RHBZ#2041959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4",
"url": "https://www.openwall.com/lists/oss-security/2022/01/18/4"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender"
},
{
"cve": "CVE-2022-23307",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041967"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23307"
},
{
"category": "external",
"summary": "RHBZ#2041967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5",
"url": "https://www.openwall.com/lists/oss-security/2022/01/18/5"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"discovery_date": "2022-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2108554"
}
],
"notes": [
{
"category": "description",
"text": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34169"
},
{
"category": "external",
"summary": "RHBZ#2108554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
}
],
"release_date": "2022-07-19T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)"
},
{
"cve": "CVE-2022-41853",
"cwe": {
"id": "CWE-470",
"name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
},
"discovery_date": "2022-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2136141"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hsqldb: Untrusted input may lead to RCE attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41853"
},
{
"category": "external",
"summary": "RHBZ#2136141",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41853"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853"
},
{
"category": "external",
"summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",
"url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682",
"url": "https://github.com/advisories/GHSA-77xx-rxvh-q682"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hsqldb: Untrusted input may lead to RCE attack"
},
{
"cve": "CVE-2022-46364",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155682"
}
],
"notes": [
{
"category": "description",
"text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSRF Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46364"
},
{
"category": "external",
"summary": "RHBZ#2155682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSRF Vulnerability"
},
{
"cve": "CVE-2023-3171",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2213639"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eap-7: heap exhaustion via deserialization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3171"
},
{
"category": "external",
"summary": "RHBZ#2213639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171"
}
],
"release_date": "2023-10-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "eap-7: heap exhaustion via deserialization"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5685"
},
{
"category": "external",
"summary": "RHBZ#2241822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
},
{
"cve": "CVE-2023-26464",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j1-socketappender: DoS via hashmap logging",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26464"
},
{
"category": "external",
"summary": "RHBZ#2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
},
{
"category": "external",
"summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464",
"url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464"
}
],
"release_date": "2023-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j1-socketappender: DoS via hashmap logging"
},
{
"cve": "CVE-2023-39410",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242521"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39410"
},
{
"category": "external",
"summary": "RHBZ#2242521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
},
{
"category": "external",
"summary": "https://issues.apache.org/jira/browse/AVRO-3819",
"url": "https://issues.apache.org/jira/browse/AVRO-3819"
}
],
"release_date": "2023-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270732"
}
],
"notes": [
{
"category": "description",
"text": "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28752"
},
{
"category": "external",
"summary": "RHBZ#2270732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt",
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-qmgx-j96g-4428",
"url": "https://github.com/advisories/GHSA-qmgx-j96g-4428"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2024-10-02T14:04:06.018000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316116"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47561"
},
{
"category": "external",
"summary": "RHBZ#2316116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
}
],
"release_date": "2024-10-03T12:20:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-25T00:12:17+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10207"
},
{
"category": "workaround",
"details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…