Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-26464
Vulnerability from cvelistv5
Published
2023-03-10 13:38
Modified
2024-10-23 16:40
Severity ?
EPSS score ?
Summary
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Log4j |
Version: 1.0.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230505-0008/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "log4j", "vendor": "apache", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "1.0.4", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-26464", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T16:39:52.195542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T16:40:55.981Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Apache Log4j", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "2", "status": "affected", "version": "1.0.4", "versionType": "maven" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "2", "versionType": "maven" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Garrett Tucker of Red Hat" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003e** UNSUPPORTED WHEN ASSIGNED **\u003c/div\u003e\u003cdiv\u003eWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\u003c/div\u003e\u003cdiv\u003eNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e" } ], "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\n\n\n" } ], "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-20T07:55:41.272Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t" }, { "url": "https://security.netapp.com/advisory/ntap-20230505-0008/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-26464", "datePublished": "2023-03-10T13:38:16.190Z", "dateReserved": "2023-02-23T16:15:06.902Z", "dateUpdated": "2024-10-23T16:40:55.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-26464\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-03-10T14:15:10.453\",\"lastModified\":\"2024-11-21T07:51:33.113\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"** UNSUPPORTED WHEN ASSIGNED **\\n\\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \\nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\\n\\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\\n\\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.4\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"CA680396-534B-4D0E-8F7F-F504B3E032A2\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230505-0008/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230505-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
gsd-2023-26464
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-26464", "id": "GSD-2023-26464", "references": [ "https://www.suse.com/security/cve/CVE-2023-26464.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-26464" ], "details": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\n\n\n", "id": "GSD-2023-26464", "modified": "2023-12-13T01:20:54.176629Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2023-26464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Log4j", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unknown", "versions": [ { "lessThan": "2", "status": "affected", "version": "1.0.4", "versionType": "maven" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "2", "versionType": "maven" } ] } } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credits": [ { "lang": "en", "value": "Garrett Tucker of Red Hat" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\n\n\n" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-502", "lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t", "refsource": "MISC", "url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t" }, { "name": "https://security.netapp.com/advisory/ntap-20230505-0008/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/ntap-20230505-0008/" } ] }, "source": { "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "[1.0.4,2.0)", "affected_versions": "All versions starting from 1.0.4 before 2.0", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-502", "CWE-937" ], "date": "2023-05-05", "description": "** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "fixed_versions": [ "2.0" ], "identifier": "CVE-2023-26464", "identifiers": [ "CVE-2023-26464" ], "not_impacted": "All versions starting from 2.0", "package_slug": "maven/log4j/log4j", "pubdate": "2023-03-10", "solution": "Upgrade to version 2.0 or above.", "title": "Deserialization of Untrusted Data", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t" ], "uuid": "bd6f4c28-58c8-426e-80d2-20bbee6534d7" }, { "affected_range": "[1.0.4,2.0)", "affected_versions": "All versions starting from 1.0.4 before 2.0", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-502", "CWE-937" ], "date": "2023-05-05", "description": "** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "fixed_versions": [ "2.0" ], "identifier": "CVE-2023-26464", "identifiers": [ "CVE-2023-26464", "GHSA-vp98-w2p3-mv35" ], "not_impacted": "All versions before 1.0.4, all versions starting from 2.0", "package_slug": "maven/org.apache.logging.log4j/log4j-core", "pubdate": "2023-03-10", "solution": "Upgrade to version 2.0 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t", "https://github.com/advisories/GHSA-vp98-w2p3-mv35" ], "uuid": "efde2011-549d-4897-aaf3-e176cd8407c6" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "versionStartIncluding": "1.0.4", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2023-26464" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nWhen using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) \nhashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.\n\nThis issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\n\n\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-502" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t", "refsource": "MISC", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t" }, { "name": "https://security.netapp.com/advisory/ntap-20230505-0008/", "refsource": "MISC", "tags": [], "url": "https://security.netapp.com/advisory/ntap-20230505-0008/" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-05-05T20:15Z", "publishedDate": "2023-03-10T14:15Z" } } }
rhsa-2024_10208
Vulnerability from csaf_redhat
Published
2024-11-25 00:12
Modified
2024-12-17 23:06
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)
* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)
* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible [eap-7.1.z] (CVE-2020-28052)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.1.z] (CVE-2022-41853)\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.1.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.1.z] (CVE-2022-23221)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.1.z] (CVE-2022-46364)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.1.z] (CVE-2022-34169)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.1.z] (CVE-2023-26464)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.1.z] (CVE-2023-5685)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.1.z] (CVE-2023-3171)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling [eap-7.1.z] (CVE-2020-7238)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.1.z] (CVE-2023-39410)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.1.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10208", "url": "https://access.redhat.com/errata/RHSA-2024:10208" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index" }, { "category": "external", "summary": "1796225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225" }, { "category": "external", "summary": "1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2108554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554" }, { "category": "external", "summary": "2136141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "2241822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822" }, { "category": "external", "summary": "2242521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521" }, { "category": "external", "summary": "2270732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732" }, { "category": "external", "summary": "2316116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116" }, { "category": "external", "summary": "JBEAP-27708", "url": "https://issues.redhat.com/browse/JBEAP-27708" }, { "category": "external", "summary": "JBEAP-28086", "url": "https://issues.redhat.com/browse/JBEAP-28086" }, { "category": "external", "summary": "JBEAP-28130", "url": "https://issues.redhat.com/browse/JBEAP-28130" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10208.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.8 on RHEL 7 security update", "tracking": { "current_release_date": "2024-12-17T23:06:48+00:00", "generator": { "date": "2024-12-17T23:06:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:10208", "initial_release_date": "2024-11-25T00:12:13+00:00", "revision_history": [ { "date": "2024-11-25T00:12:13+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-25T00:12:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:06:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "product_id": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "product_id": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "product": { "name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "product_id": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", "product": { "name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", "product_id": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "product_id": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "product": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "product": { "name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "product_id": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-1.SP1_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.10-1.Final_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "product": { "name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "product_id": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-avro@1.7.6-2.redhat_00003.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "product": { "name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "product_id": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-26.redhat_00015.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-3.SP1_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product_id": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product_id": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product_id": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.68.0-1.redhat_00005.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00005.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "product_id": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "product_id": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.8-2.GA_redhat_00002.1.ep7.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch" }, "product_reference": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src" }, "product_reference": "eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch" }, "product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src" }, "product_reference": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch" }, "product_reference": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" }, "product_reference": "eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1-EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7238", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2020-01-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796225" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch\u0027s security team has stated that the previous vulnerability, CVE-2019-16869, does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit both these vulnerabilities on OpenShift Container Platform, so we\u0027re reducing the impact of this issue to moderate and may fix it in the future release.\n\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n\n[1] https://github.com/elastic/elasticsearch/issues/49396", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7238" }, { "category": "external", "summary": "RHBZ#1796225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7238", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7238" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7238" }, { "category": "external", "summary": "https://netty.io/news/2019/12/18/4-1-44-Final.html", "url": "https://netty.io/news/2019/12/18/4-1-44-Final.html" } ], "release_date": "2020-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" }, { "category": "workaround", "details": "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling" }, { "cve": "CVE-2020-28052", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2021-01-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1912881" } ], "notes": [ { "category": "description", "text": "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28052" }, { "category": "external", "summary": "RHBZ#1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28052", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28052" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052" } ], "release_date": "2020-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" }, { "category": "workaround", "details": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "cve": "CVE-2022-34169", "cwe": { "id": "CWE-192", "name": "Integer Coercion Error" }, "discovery_date": "2022-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2108554" } ], "notes": [ { "category": "description", "text": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-34169" }, { "category": "external", "summary": "RHBZ#2108554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-34169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169" } ], "release_date": "2022-07-19T20:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)" }, { "cve": "CVE-2022-41853", "cwe": { "id": "CWE-470", "name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)" }, "discovery_date": "2022-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136141" } ], "notes": [ { "category": "description", "text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", "title": "Vulnerability description" }, { "category": "summary", "text": "hsqldb: Untrusted input may lead to RCE attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41853" }, { "category": "external", "summary": "RHBZ#2136141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853" }, { "category": "external", "summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", "url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682", "url": "https://github.com/advisories/GHSA-77xx-rxvh-q682" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" }, { "category": "workaround", "details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hsqldb: Untrusted input may lead to RCE attack" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "CXF: SSRF Vulnerability" }, { "cve": "CVE-2023-3171", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "discovery_date": "2023-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213639" } ], "notes": [ { "category": "description", "text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "eap-7: heap exhaustion via deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3171" }, { "category": "external", "summary": "RHBZ#2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "eap-7: heap exhaustion via deserialization" }, { "cve": "CVE-2023-5685", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2241822" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-5685" }, { "category": "external", "summary": "RHBZ#2241822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" }, { "category": "workaround", "details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-39410", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-10-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242521" } ], "notes": [ { "category": "description", "text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39410" }, { "category": "external", "summary": "RHBZ#2242521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/AVRO-3819", "url": "https://issues.apache.org/jira/browse/AVRO-3819" } ], "release_date": "2023-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK" }, { "cve": "CVE-2024-28752", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270732" } ], "notes": [ { "category": "description", "text": "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28752" }, { "category": "external", "summary": "RHBZ#2270732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28752", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", "url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-qmgx-j96g-4428", "url": "https://github.com/advisories/GHSA-qmgx-j96g-4428" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding" }, { "cve": "CVE-2024-47561", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2024-10-02T14:04:06.018000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2316116" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47561" }, { "category": "external", "summary": "RHBZ#2316116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561" } ], "release_date": "2024-10-03T12:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:13+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10208" }, { "category": "workaround", "details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", "product_ids": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-mail-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-pkix-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-bouncycastle-prov-0:1.68.0-1.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.src", "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.8-2.GA_redhat_00002.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.noarch", "7Server-JBEAP-7.1-EUS:eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)" } ] }
rhsa-2023_5484
Vulnerability from csaf_redhat
Published
2023-10-05 20:23
Modified
2024-12-17 23:05
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)
* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* nodejs-semver: Regular expression denial of service (CVE-2022-25883)\n\n* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)\n\n* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5484", "url": "https://access.redhat.com/errata/RHSA-2023:5484" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "2216475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475" }, { "category": "external", "summary": "2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "2219310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310" }, { "category": "external", "summary": "2228608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608" }, { "category": "external", "summary": "JBEAP-24667", "url": "https://issues.redhat.com/browse/JBEAP-24667" }, { "category": "external", "summary": "JBEAP-24797", "url": "https://issues.redhat.com/browse/JBEAP-24797" }, { "category": "external", "summary": "JBEAP-24966", "url": "https://issues.redhat.com/browse/JBEAP-24966" }, { "category": "external", "summary": "JBEAP-24985", "url": "https://issues.redhat.com/browse/JBEAP-24985" }, { "category": "external", "summary": "JBEAP-25032", "url": "https://issues.redhat.com/browse/JBEAP-25032" }, { "category": "external", "summary": "JBEAP-25033", "url": "https://issues.redhat.com/browse/JBEAP-25033" }, { "category": "external", "summary": "JBEAP-25078", "url": "https://issues.redhat.com/browse/JBEAP-25078" }, { "category": "external", "summary": "JBEAP-25122", "url": "https://issues.redhat.com/browse/JBEAP-25122" }, { "category": "external", "summary": "JBEAP-25135", "url": "https://issues.redhat.com/browse/JBEAP-25135" }, { "category": "external", "summary": "JBEAP-25186", "url": "https://issues.redhat.com/browse/JBEAP-25186" }, { "category": "external", "summary": "JBEAP-25200", "url": "https://issues.redhat.com/browse/JBEAP-25200" }, { "category": "external", "summary": "JBEAP-25225", "url": "https://issues.redhat.com/browse/JBEAP-25225" }, { "category": "external", "summary": "JBEAP-25261", "url": "https://issues.redhat.com/browse/JBEAP-25261" }, { "category": "external", "summary": "JBEAP-25285", "url": "https://issues.redhat.com/browse/JBEAP-25285" }, { "category": "external", "summary": "JBEAP-25312", "url": "https://issues.redhat.com/browse/JBEAP-25312" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5484.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7", "tracking": { "current_release_date": "2024-12-17T23:05:16+00:00", "generator": { "date": "2024-12-17T23:05:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:5484", "initial_release_date": "2023-10-05T20:23:52+00:00", "revision_history": [ { "date": "2023-10-05T20:23:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-05T20:23:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:05:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.26-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.20-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.13-2.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.94-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.10-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-31.Final_redhat_00030.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.5-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.31-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.19-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.2-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-15.redhat_00049.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "product": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "product_id": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.76.0-4.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.26-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.20-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.13-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.13-2.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.94-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.10-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.8-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-31.Final_redhat_00030.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-31.Final_redhat_00030.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-31.Final_redhat_00030.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.5-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.31-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.31-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.31-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.31-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.31-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.19-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.2-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-15.redhat_00049.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.76.0-4.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.76.0-4.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pg@1.76.0-4.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.76.0-4.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.76.0-4.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_id": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-util@1.76.0-4.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.13-8.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.13-8.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.13-8.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.13-8.GA_redhat_00001.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.94-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-25883", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216475" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the \u0027new Range\u0027 function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-semver: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Advanced Cluster Management for Kubernetes-2 and Red Hat Advanced Cluster Security-3 has been marked as Low severity because node-semver is a Dev dependency for those, used only during the build process, and not used in customer environments.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the server-regexp dependency is protected by OAuth what is reducing impact by this flaw to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25883" }, { "category": "external", "summary": "RHBZ#2216475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795", "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795" } ], "release_date": "2023-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:23:52+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-semver: Regular expression denial of service" }, { "cve": "CVE-2023-3171", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "discovery_date": "2023-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213639" } ], "notes": [ { "category": "description", "text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "eap-7: heap exhaustion via deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3171" }, { "category": "external", "summary": "RHBZ#2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:23:52+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "eap-7: heap exhaustion via deserialization" }, { "cve": "CVE-2023-4061", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2228608" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability requires a malicious user to previously have access to the system, especially access to the HAL interface via browser and logged with a management user who have access to the resolve-expression method, hence the moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4061" }, { "category": "external", "summary": "RHBZ#2228608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4061", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4061" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:23:52+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5484" }, { "category": "workaround", "details": "Wildfly administrators are recommended to use Vault, especially the Elytron subsystem, to store potential critical information such as DNS, IPs, and credentials.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor" }, { "acknowledgments": [ { "names": [ "Kokorin Vsevolod" ] } ], "cve": "CVE-2023-26136", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2023-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2219310" } ], "notes": [ { "category": "description", "text": "A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "tough-cookie: prototype pollution in cookie memstore", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26136" }, { "category": "external", "summary": "RHBZ#2219310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26136", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e", "url": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/issues/282", "url": "https://github.com/salesforce/tough-cookie/issues/282" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3", "url": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873", "url": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873" } ], "release_date": "2023-07-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:23:52+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tough-cookie: prototype pollution in cookie memstore" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:23:52+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5484" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-33201", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-06-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215465" } ], "notes": [ { "category": "description", "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33201" }, { "category": "external", "summary": "RHBZ#2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201" }, { "category": "external", "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201" } ], "release_date": "2023-06-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:23:52+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5484" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate" }, { "cve": "CVE-2023-34462", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216888" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: SniHandler 16MB allocation leads to OOM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-34462" }, { "category": "external", "summary": "RHBZ#2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462" } ], "release_date": "2023-06-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:23:52+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5484" }, { "category": "workaround", "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: SniHandler 16MB allocation leads to OOM" } ] }
rhsa-2024_10207
Vulnerability from csaf_redhat
Published
2024-11-25 00:12
Modified
2024-12-17 23:06
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)
* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)
* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)
* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)
* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)
* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)
* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)
* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)
* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)
* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [eap-7.3.z] (CVE-2024-28752)\n\n* h2: Loading of custom classes from remote servers through JNDI [eap-7.3.z] (CVE-2022-23221)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer [eap-7.3.z] (CVE-2022-23307)\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [eap-7.3.z] (CVE-2022-23305)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender [eap-7.3.z] (CVE-2021-4104)\n\n* CXF: Apache CXF: SSRF Vulnerability [eap-7.3.z] (CVE-2022-46364)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging [eap-7.3.z] (CVE-2023-26464)\n\n* xalan: integer truncation issue in Xalan-J (JAXP, 8285407) [eap-7.3.z] (CVE-2022-34169)\n\n* xnio: StackOverflowException when the chain of notifier states becomes problematically big [eap-7.3.z] (CVE-2023-5685)\n\n* hsqldb: Untrusted input may lead to RCE attack [eap-7.3.z] (CVE-2022-41853)\n\n* server: eap-7: heap exhaustion via deserialization [eap-7.3.z] (CVE-2023-3171)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [eap-7.3.z] (CVE-2023-39410)\n\n* undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 [eap-7.3.z] (CVE-2021-3859)\n\n* avro: apache-avro: Schema parsing may trigger Remote Code Execution (RCE) [eap-7.3.z] (CVE-2024-47561)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10207", "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index" }, { "category": "external", "summary": "2010378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378" }, { "category": "external", "summary": "2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2108554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554" }, { "category": "external", "summary": "2136141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141" }, { "category": "external", "summary": "2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "2241822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822" }, { "category": "external", "summary": "2242521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521" }, { "category": "external", "summary": "2270732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732" }, { "category": "external", "summary": "2316116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116" }, { "category": "external", "summary": "JBEAP-23025", "url": "https://issues.redhat.com/browse/JBEAP-23025" }, { "category": "external", "summary": "JBEAP-28084", "url": "https://issues.redhat.com/browse/JBEAP-28084" }, { "category": "external", "summary": "JBEAP-28089", "url": "https://issues.redhat.com/browse/JBEAP-28089" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10207.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update", "tracking": { "current_release_date": "2024-12-17T23:06:37+00:00", "generator": { "date": "2024-12-17T23:06:37+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:10207", "initial_release_date": "2024-11-25T00:12:17+00:00", "revision_history": [ { "date": "2024-11-25T00:12:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-11-25T00:12:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:06:37+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "product": { "name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "product_id": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "product": { "name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "product_id": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", "product": { "name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", "product_id": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "product": { "name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "product_id": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "product": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "product": { "name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "product_id": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "product_id": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.7.13-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "product_id": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-avro@1.7.6-8.redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j@2.3.3-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-bindings@2.3.3-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-policy@2.3.3-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-common@2.3.3-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-dom@2.3.3-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wss4j-ws-security-stax@2.3.3-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "product_id": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xml-security@2.2.3-2.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "product_id": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-38.redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "product_id": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-2.Final_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "product_id": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-3.redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-12.Final_redhat_00013.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.11-4.GA_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src" }, "product_reference": "eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src" }, "product_reference": "eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3859", "cwe": { "id": "CWE-214", "name": "Invocation of Process Using Visible Sensitive Information" }, "discovery_date": "2021-09-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2010378" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: client side invocation timeout raised when calling over HTTP2", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3859" }, { "category": "external", "summary": "RHBZ#2010378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3859", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3859" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859" } ], "release_date": "2022-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: client side invocation timeout raised when calling over HTTP2" }, { "cve": "CVE-2021-4104", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-12-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031667" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker\u0027s JNDI LDAP endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\n\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker\u0027s JNDI LDAP endpoint. \n\nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker\u0027s control.\n\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\n\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4104" }, { "category": "external", "summary": "RHBZ#2031667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "category": "external", "summary": "RHSB-2021-009", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" }, { "category": "external", "summary": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301", "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301" }, { "category": "external", "summary": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx", "url": "https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2021/12/13/1", "url": "https://www.openwall.com/lists/oss-security/2021/12/13/1" } ], "release_date": "2021-12-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "cve": "CVE-2022-23305", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2022-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041959" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender", "title": "Vulnerability summary" }, { "category": "other", "text": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23305" }, { "category": "external", "summary": "RHBZ#2041959", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/4", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/4" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "workaround", "details": "These are the possible mitigations for this flaw for releases version 1.x:\n\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server\u0027s jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender" }, { "cve": "CVE-2022-23307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041967" } ], "notes": [ { "category": "description", "text": "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: Unsafe deserialization flaw in Chainsaw log viewer", "title": "Vulnerability summary" }, { "category": "other", "text": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\n\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\n\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\n\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23307" }, { "category": "external", "summary": "RHBZ#2041967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23307", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2022/01/18/5", "url": "https://www.openwall.com/lists/oss-security/2022/01/18/5" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "workaround", "details": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j: Unsafe deserialization flaw in Chainsaw log viewer" }, { "cve": "CVE-2022-34169", "cwe": { "id": "CWE-192", "name": "Integer Coercion Error" }, "discovery_date": "2022-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2108554" } ], "notes": [ { "category": "description", "text": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-34169" }, { "category": "external", "summary": "RHBZ#2108554", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108554" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-34169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169" } ], "release_date": "2022-07-19T20:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)" }, { "cve": "CVE-2022-41853", "cwe": { "id": "CWE-470", "name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)" }, "discovery_date": "2022-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136141" } ], "notes": [ { "category": "description", "text": "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default.", "title": "Vulnerability description" }, { "category": "summary", "text": "hsqldb: Untrusted input may lead to RCE attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41853" }, { "category": "external", "summary": "RHBZ#2136141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136141" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41853" }, { "category": "external", "summary": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control", "url": "http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-77xx-rxvh-q682", "url": "https://github.com/advisories/GHSA-77xx-rxvh-q682" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "workaround", "details": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\n\nIn the example below, the property has been included as an argument to the Java command.\n\n java -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\n\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\n\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\n\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\n\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hsqldb: Untrusted input may lead to RCE attack" }, { "cve": "CVE-2022-46364", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-12-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155682" } ], "notes": [ { "category": "description", "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: SSRF Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46364" }, { "category": "external", "summary": "RHBZ#2155682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2", "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "CXF: SSRF Vulnerability" }, { "cve": "CVE-2023-3171", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "discovery_date": "2023-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213639" } ], "notes": [ { "category": "description", "text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "eap-7: heap exhaustion via deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3171" }, { "category": "external", "summary": "RHBZ#2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "eap-7: heap exhaustion via deserialization" }, { "cve": "CVE-2023-5685", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2241822" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-5685" }, { "category": "external", "summary": "RHBZ#2241822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5685" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "workaround", "details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-39410", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-10-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242521" } ], "notes": [ { "category": "description", "text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39410" }, { "category": "external", "summary": "RHBZ#2242521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410" }, { "category": "external", "summary": "https://issues.apache.org/jira/browse/AVRO-3819", "url": "https://issues.apache.org/jira/browse/AVRO-3819" } ], "release_date": "2023-09-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK" }, { "cve": "CVE-2024-28752", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270732" } ], "notes": [ { "category": "description", "text": "A server-side request forgery (SSRF) vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted.", "title": "Vulnerability description" }, { "category": "summary", "text": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as an Important impact due to the fact this requires Aegis databind, which is not the default databinding for Apache CXF.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28752" }, { "category": "external", "summary": "RHBZ#2270732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28752", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752" }, { "category": "external", "summary": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt", "url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-qmgx-j96g-4428", "url": "https://github.com/advisories/GHSA-qmgx-j96g-4428" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability. Please make sure to update as the fixes become available.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding" }, { "cve": "CVE-2024-47561", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2024-10-02T14:04:06.018000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2316116" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special \"java-class\" attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat build of Apache Camel K 1.10 was rated Important as it allows users to provide an Avro schema for parsing. Note that this functionality is limited to authenticated users.\n\nRed Hat Single Sign-On 7 ships the affected component in its maven repository but does not use it in the product. As such it is affected but not vulnerable to the flaw, and is assessed at Moderate security impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47561" }, { "category": "external", "summary": "RHBZ#2316116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47561", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561" } ], "release_date": "2024-10-03T12:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-11-25T00:12:17+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "category": "workaround", "details": "1. Avoid parsing user-provided schemas.\n2. Ensure proper input validation and sanitization of schemas before parsing.\n3. Monitor systems for any unusual activities that may indicate exploitation attempts.\n4. Apply the principle of least privilege to minimize the potential impact of successful exploits.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-marshalling-river-0:2.0.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-12.Final_redhat_00013.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.11-4.GA_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wss4j-bindings-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-policy-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-common-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-dom-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-policy-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wss4j-ws-security-stax-0:2.3.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "apache-avro: Schema parsing may trigger Remote Code Execution (RCE)" } ] }
rhsa-2023_5488
Vulnerability from csaf_redhat
Published
2023-10-05 20:18
Modified
2024-12-17 23:05
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)
* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* nodejs-semver: Regular expression denial of service (CVE-2022-25883)\n\n* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)\n\n* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5488", "url": "https://access.redhat.com/errata/RHSA-2023:5488" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "2216475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475" }, { "category": "external", "summary": "2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "2219310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310" }, { "category": "external", "summary": "2228608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608" }, { "category": "external", "summary": "JBEAP-24667", "url": "https://issues.redhat.com/browse/JBEAP-24667" }, { "category": "external", "summary": "JBEAP-24966", "url": "https://issues.redhat.com/browse/JBEAP-24966" }, { "category": "external", "summary": "JBEAP-24985", "url": "https://issues.redhat.com/browse/JBEAP-24985" }, { "category": "external", "summary": "JBEAP-25032", "url": "https://issues.redhat.com/browse/JBEAP-25032" }, { "category": "external", "summary": "JBEAP-25033", "url": "https://issues.redhat.com/browse/JBEAP-25033" }, { "category": "external", "summary": "JBEAP-25078", "url": "https://issues.redhat.com/browse/JBEAP-25078" }, { "category": "external", "summary": "JBEAP-25122", "url": "https://issues.redhat.com/browse/JBEAP-25122" }, { "category": "external", "summary": "JBEAP-25135", "url": "https://issues.redhat.com/browse/JBEAP-25135" }, { "category": "external", "summary": "JBEAP-25186", "url": "https://issues.redhat.com/browse/JBEAP-25186" }, { "category": "external", "summary": "JBEAP-25200", "url": "https://issues.redhat.com/browse/JBEAP-25200" }, { "category": "external", "summary": "JBEAP-25225", "url": "https://issues.redhat.com/browse/JBEAP-25225" }, { "category": "external", "summary": "JBEAP-25261", "url": "https://issues.redhat.com/browse/JBEAP-25261" }, { "category": "external", "summary": "JBEAP-25285", "url": "https://issues.redhat.com/browse/JBEAP-25285" }, { "category": "external", "summary": "JBEAP-25312", "url": "https://issues.redhat.com/browse/JBEAP-25312" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5488.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update", "tracking": { "current_release_date": "2024-12-17T23:05:07+00:00", "generator": { "date": "2024-12-17T23:05:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:5488", "initial_release_date": "2023-10-05T20:18:28+00:00", "revision_history": [ { "date": "2023-10-05T20:18:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-05T20:18:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:05:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "EAP 7.4.13", "product": { "name": "EAP 7.4.13", "product_id": "EAP 7.4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-25883", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216475" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the \u0027new Range\u0027 function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-semver: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Advanced Cluster Management for Kubernetes-2 and Red Hat Advanced Cluster Security-3 has been marked as Low severity because node-semver is a Dev dependency for those, used only during the build process, and not used in customer environments.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the server-regexp dependency is protected by OAuth what is reducing impact by this flaw to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.13" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25883" }, { "category": "external", "summary": "RHBZ#2216475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795", "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795" } ], "release_date": "2023-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:18:28+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.13" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5488" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP 7.4.13" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-semver: Regular expression denial of service" }, { "cve": "CVE-2023-3171", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "discovery_date": "2023-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213639" } ], "notes": [ { "category": "description", "text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "eap-7: heap exhaustion via deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.13" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3171" }, { "category": "external", "summary": "RHBZ#2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:18:28+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.13" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5488" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP 7.4.13" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "eap-7: heap exhaustion via deserialization" }, { "cve": "CVE-2023-4061", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2228608" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability requires a malicious user to previously have access to the system, especially access to the HAL interface via browser and logged with a management user who have access to the resolve-expression method, hence the moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.13" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4061" }, { "category": "external", "summary": "RHBZ#2228608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4061", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4061" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:18:28+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.13" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5488" }, { "category": "workaround", "details": "Wildfly administrators are recommended to use Vault, especially the Elytron subsystem, to store potential critical information such as DNS, IPs, and credentials.", "product_ids": [ "EAP 7.4.13" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "EAP 7.4.13" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor" }, { "acknowledgments": [ { "names": [ "Kokorin Vsevolod" ] } ], "cve": "CVE-2023-26136", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2023-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2219310" } ], "notes": [ { "category": "description", "text": "A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "tough-cookie: prototype pollution in cookie memstore", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.13" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26136" }, { "category": "external", "summary": "RHBZ#2219310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26136", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e", "url": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/issues/282", "url": "https://github.com/salesforce/tough-cookie/issues/282" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3", "url": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873", "url": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873" } ], "release_date": "2023-07-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:18:28+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.13" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5488" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "EAP 7.4.13" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tough-cookie: prototype pollution in cookie memstore" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.13" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:18:28+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.13" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5488" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "EAP 7.4.13" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP 7.4.13" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-33201", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215465" } ], "notes": [ { "category": "description", "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.13" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33201" }, { "category": "external", "summary": "RHBZ#2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201" }, { "category": "external", "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201" } ], "release_date": "2023-06-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:18:28+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.13" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5488" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "EAP 7.4.13" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate" }, { "cve": "CVE-2023-34462", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216888" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: SniHandler 16MB allocation leads to OOM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 7.4.13" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-34462" }, { "category": "external", "summary": "RHBZ#2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462" } ], "release_date": "2023-06-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T20:18:28+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "EAP 7.4.13" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5488" }, { "category": "workaround", "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.", "product_ids": [ "EAP 7.4.13" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP 7.4.13" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: SniHandler 16MB allocation leads to OOM" } ] }
rhsa-2023_5486
Vulnerability from csaf_redhat
Published
2023-10-06 03:41
Modified
2024-12-17 23:05
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)
* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* nodejs-semver: Regular expression denial of service (CVE-2022-25883)\n\n* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)\n\n* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5486", "url": "https://access.redhat.com/errata/RHSA-2023:5486" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "2216475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475" }, { "category": "external", "summary": "2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "2219310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310" }, { "category": "external", "summary": "2228608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608" }, { "category": "external", "summary": "JBEAP-24667", "url": "https://issues.redhat.com/browse/JBEAP-24667" }, { "category": "external", "summary": "JBEAP-24799", "url": "https://issues.redhat.com/browse/JBEAP-24799" }, { "category": "external", "summary": "JBEAP-24966", "url": "https://issues.redhat.com/browse/JBEAP-24966" }, { "category": "external", "summary": "JBEAP-24985", "url": "https://issues.redhat.com/browse/JBEAP-24985" }, { "category": "external", "summary": "JBEAP-25032", "url": "https://issues.redhat.com/browse/JBEAP-25032" }, { "category": "external", "summary": "JBEAP-25033", "url": "https://issues.redhat.com/browse/JBEAP-25033" }, { "category": "external", "summary": "JBEAP-25078", "url": "https://issues.redhat.com/browse/JBEAP-25078" }, { "category": "external", "summary": "JBEAP-25122", "url": "https://issues.redhat.com/browse/JBEAP-25122" }, { "category": "external", "summary": "JBEAP-25135", "url": "https://issues.redhat.com/browse/JBEAP-25135" }, { "category": "external", "summary": "JBEAP-25186", "url": "https://issues.redhat.com/browse/JBEAP-25186" }, { "category": "external", "summary": "JBEAP-25200", "url": "https://issues.redhat.com/browse/JBEAP-25200" }, { "category": "external", "summary": "JBEAP-25225", "url": "https://issues.redhat.com/browse/JBEAP-25225" }, { "category": "external", "summary": "JBEAP-25261", "url": "https://issues.redhat.com/browse/JBEAP-25261" }, { "category": "external", "summary": "JBEAP-25285", "url": "https://issues.redhat.com/browse/JBEAP-25285" }, { "category": "external", "summary": "JBEAP-25312", "url": "https://issues.redhat.com/browse/JBEAP-25312" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5486.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9", "tracking": { "current_release_date": "2024-12-17T23:05:26+00:00", "generator": { "date": "2024-12-17T23:05:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:5486", "initial_release_date": "2023-10-06T03:41:07+00:00", "revision_history": [ { "date": "2023-10-06T03:41:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-06T03:41:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:05:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.20-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.26-1.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.5-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-31.Final_redhat_00030.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.94-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.13-2.SP1_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.10-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.19-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.2-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-15.redhat_00049.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "product": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "product_id": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.76.0-4.redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "product": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "product_id": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1.el9eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "product": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "product_id": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.31-1.Final_redhat_00001.1.el9eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.20-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.20-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.26-1.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.5-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-31.Final_redhat_00030.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-31.Final_redhat_00030.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-31.Final_redhat_00030.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.13-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.13-2.SP1_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.10-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.19-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.2-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-15.redhat_00049.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_id": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.76.0-4.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_id": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.76.0-4.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_id": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pg@1.76.0-4.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.76.0-4.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_id": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.76.0-4.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_id": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-util@1.76.0-4.redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.31-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.31-1.Final_redhat_00001.1.el9eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.31-1.Final_redhat_00001.1.el9eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1.el9eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.94-1.Final_redhat_00001.1.el9eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src" }, "product_reference": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9", "product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "relates_to_product_reference": "9Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-25883", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216475" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the \u0027new Range\u0027 function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-semver: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Advanced Cluster Management for Kubernetes-2 and Red Hat Advanced Cluster Security-3 has been marked as Low severity because node-semver is a Dev dependency for those, used only during the build process, and not used in customer environments.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the server-regexp dependency is protected by OAuth what is reducing impact by this flaw to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25883" }, { "category": "external", "summary": "RHBZ#2216475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795", "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795" } ], "release_date": "2023-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T03:41:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-semver: Regular expression denial of service" }, { "cve": "CVE-2023-3171", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "discovery_date": "2023-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213639" } ], "notes": [ { "category": "description", "text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "eap-7: heap exhaustion via deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3171" }, { "category": "external", "summary": "RHBZ#2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T03:41:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "eap-7: heap exhaustion via deserialization" }, { "cve": "CVE-2023-4061", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2228608" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability requires a malicious user to previously have access to the system, especially access to the HAL interface via browser and logged with a management user who have access to the resolve-expression method, hence the moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4061" }, { "category": "external", "summary": "RHBZ#2228608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4061", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4061" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T03:41:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5486" }, { "category": "workaround", "details": "Wildfly administrators are recommended to use Vault, especially the Elytron subsystem, to store potential critical information such as DNS, IPs, and credentials.", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor" }, { "acknowledgments": [ { "names": [ "Kokorin Vsevolod" ] } ], "cve": "CVE-2023-26136", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2023-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2219310" } ], "notes": [ { "category": "description", "text": "A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "tough-cookie: prototype pollution in cookie memstore", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26136" }, { "category": "external", "summary": "RHBZ#2219310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26136", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e", "url": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/issues/282", "url": "https://github.com/salesforce/tough-cookie/issues/282" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3", "url": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873", "url": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873" } ], "release_date": "2023-07-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T03:41:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tough-cookie: prototype pollution in cookie memstore" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T03:41:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5486" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-33201", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-06-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215465" } ], "notes": [ { "category": "description", "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33201" }, { "category": "external", "summary": "RHBZ#2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201" }, { "category": "external", "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201" } ], "release_date": "2023-06-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T03:41:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate" }, { "cve": "CVE-2023-34462", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216888" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: SniHandler 16MB allocation leads to OOM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" ], "known_not_affected": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-34462" }, { "category": "external", "summary": "RHBZ#2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462" } ], "release_date": "2023-06-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T03:41:07+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5486" }, { "category": "workaround", "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.", "product_ids": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src", "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src", "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64", "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src", "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch", "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: SniHandler 16MB allocation leads to OOM" } ] }
rhsa-2023_3663
Vulnerability from csaf_redhat
Published
2023-06-19 10:15
Modified
2024-12-17 23:05
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3663", "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2087214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214" }, { "category": "external", "summary": "2116952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2170431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431" }, { "category": "external", "summary": "2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "2182788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "category": "external", "summary": "2207835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-12-17T23:05:24+00:00", "generator": { "date": "2024-12-17T23:05:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:3663", "initial_release_date": "2023-06-19T10:15:57+00:00", "revision_history": [ { "date": "2023-06-19T10:15:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-19T10:15:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:05:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686831596-3.el8.src", "product": { "name": "jenkins-0:2.401.1.1686831596-3.el8.src", "product_id": "jenkins-0:2.401.1.1686831596-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product": { "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product_id": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch" }, "product_reference": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" }, "product_reference": "jenkins-0:2.401.1.1686831596-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2048", "cwe": { "id": "CWE-410", "name": "Insufficient Resource Pool" }, "discovery_date": "2022-08-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2116952" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "http2-server: Invalid HTTP/2 requests cause DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2048" }, { "category": "external", "summary": "RHBZ#2116952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j" } ], "release_date": "2022-07-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http2-server: Invalid HTTP/2 requests cause DoS" }, { "cve": "CVE-2022-22976", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087214" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: BCrypt skips salt rounds for work factor of 31", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22976" }, { "category": "external", "summary": "RHBZ#2087214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22976", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22976", "url": "https://tanzu.vmware.com/security/cve-2022-22976" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: BCrypt skips salt rounds for work factor of 31" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-41966", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-02-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170431" } ], "notes": [ { "category": "description", "text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41966" }, { "category": "external", "summary": "RHBZ#2170431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966" }, { "category": "external", "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv" } ], "release_date": "2022-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2023-1370", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2188542" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", "title": "Vulnerability description" }, { "category": "summary", "text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1370" }, { "category": "external", "summary": "RHBZ#2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-493p-pfq6-5258", "url": "https://github.com/advisories/GHSA-493p-pfq6-5258" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)" }, { "cve": "CVE-2023-1436", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-03-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182788" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: Uncontrolled Recursion in JSONArray", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1436" }, { "category": "external", "summary": "RHBZ#2182788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", "url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: Uncontrolled Recursion in JSONArray" }, { "cve": "CVE-2023-20860", "cwe": { "id": "CWE-155", "name": "Improper Neutralization of Wildcards or Matching Symbols" }, "discovery_date": "2023-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180528" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20860" }, { "category": "external", "summary": "RHBZ#2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-27898", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177629" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: XSS vulnerability in plugin manager", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27898" }, { "category": "external", "summary": "RHBZ#2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27898", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: XSS vulnerability in plugin manager" }, { "cve": "CVE-2023-27899", "cwe": { "id": "CWE-378", "name": "Creation of Temporary File With Insecure Permissions" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177626" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary plugin file created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27899" }, { "category": "external", "summary": "RHBZ#2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27899", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: Temporary plugin file created with insecure permissions" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" }, { "cve": "CVE-2023-32977", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2207830" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim\u0027s Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32977" }, { "category": "external", "summary": "RHBZ#2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32977", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32977" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042" } ], "release_date": "2023-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin" }, { "cve": "CVE-2023-32981", "discovery_date": "2023-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2207835" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32981" }, { "category": "external", "summary": "RHBZ#2207835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32981" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196" } ], "release_date": "2023-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin" } ] }
rhsa-2023_5485
Vulnerability from csaf_redhat
Published
2023-10-06 07:21
Modified
2024-12-17 23:05
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)
* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)
* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* nodejs-semver: Regular expression denial of service (CVE-2022-25883)\n\n* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)\n\n* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5485", "url": "https://access.redhat.com/errata/RHSA-2023:5485" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "2216475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475" }, { "category": "external", "summary": "2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "2219310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310" }, { "category": "external", "summary": "2228608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608" }, { "category": "external", "summary": "JBEAP-24667", "url": "https://issues.redhat.com/browse/JBEAP-24667" }, { "category": "external", "summary": "JBEAP-24798", "url": "https://issues.redhat.com/browse/JBEAP-24798" }, { "category": "external", "summary": "JBEAP-24966", "url": "https://issues.redhat.com/browse/JBEAP-24966" }, { "category": "external", "summary": "JBEAP-24985", "url": "https://issues.redhat.com/browse/JBEAP-24985" }, { "category": "external", "summary": "JBEAP-25032", "url": "https://issues.redhat.com/browse/JBEAP-25032" }, { "category": "external", "summary": "JBEAP-25033", "url": "https://issues.redhat.com/browse/JBEAP-25033" }, { "category": "external", "summary": "JBEAP-25078", "url": "https://issues.redhat.com/browse/JBEAP-25078" }, { "category": "external", "summary": "JBEAP-25122", "url": "https://issues.redhat.com/browse/JBEAP-25122" }, { "category": "external", "summary": "JBEAP-25135", "url": "https://issues.redhat.com/browse/JBEAP-25135" }, { "category": "external", "summary": "JBEAP-25186", "url": "https://issues.redhat.com/browse/JBEAP-25186" }, { "category": "external", "summary": "JBEAP-25200", "url": "https://issues.redhat.com/browse/JBEAP-25200" }, { "category": "external", "summary": "JBEAP-25225", "url": "https://issues.redhat.com/browse/JBEAP-25225" }, { "category": "external", "summary": "JBEAP-25261", "url": "https://issues.redhat.com/browse/JBEAP-25261" }, { "category": "external", "summary": "JBEAP-25285", "url": "https://issues.redhat.com/browse/JBEAP-25285" }, { "category": "external", "summary": "JBEAP-25312", "url": "https://issues.redhat.com/browse/JBEAP-25312" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5485.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8", "tracking": { "current_release_date": "2024-12-17T23:05:37+00:00", "generator": { "date": "2024-12-17T23:05:37+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:5485", "initial_release_date": "2023-10-06T07:21:50+00:00", "revision_history": [ { "date": "2023-10-06T07:21:50+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-06T07:21:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:05:37+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-31.Final_redhat_00030.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.13-2.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.94-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.10-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.5-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.20-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.31-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.19-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-15.redhat_00049.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "product": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "product_id": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.76.0-4.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.2-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.26-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.8-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-31.Final_redhat_00030.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-31.Final_redhat_00030.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-31.Final_redhat_00030.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.13-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.13-2.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.94-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.10-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.5-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.20-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.31-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.31-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.31-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.31-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.31-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.19-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-15.redhat_00049.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.76.0-4.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.76.0-4.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pg@1.76.0-4.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.76.0-4.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.76.0-4.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_id": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-bouncycastle-util@1.76.0-4.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.13-8.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.13-8.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.13-8.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.13-8.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.13-8.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.2-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.26-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.94-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-25883", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216475" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the \u0027new Range\u0027 function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-semver: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Advanced Cluster Management for Kubernetes-2 and Red Hat Advanced Cluster Security-3 has been marked as Low severity because node-semver is a Dev dependency for those, used only during the build process, and not used in customer environments.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the server-regexp dependency is protected by OAuth what is reducing impact by this flaw to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25883" }, { "category": "external", "summary": "RHBZ#2216475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25883", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795", "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795" } ], "release_date": "2023-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T07:21:50+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5485" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-semver: Regular expression denial of service" }, { "cve": "CVE-2023-3171", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "discovery_date": "2023-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213639" } ], "notes": [ { "category": "description", "text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "eap-7: heap exhaustion via deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3171" }, { "category": "external", "summary": "RHBZ#2213639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T07:21:50+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5485" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "eap-7: heap exhaustion via deserialization" }, { "cve": "CVE-2023-4061", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2228608" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability requires a malicious user to previously have access to the system, especially access to the HAL interface via browser and logged with a management user who have access to the resolve-expression method, hence the moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4061" }, { "category": "external", "summary": "RHBZ#2228608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4061", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4061" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061" } ], "release_date": "2023-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T07:21:50+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5485" }, { "category": "workaround", "details": "Wildfly administrators are recommended to use Vault, especially the Elytron subsystem, to store potential critical information such as DNS, IPs, and credentials.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor" }, { "acknowledgments": [ { "names": [ "Kokorin Vsevolod" ] } ], "cve": "CVE-2023-26136", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2023-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2219310" } ], "notes": [ { "category": "description", "text": "A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.", "title": "Vulnerability description" }, { "category": "summary", "text": "tough-cookie: prototype pollution in cookie memstore", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26136" }, { "category": "external", "summary": "RHBZ#2219310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26136", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e", "url": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/issues/282", "url": "https://github.com/salesforce/tough-cookie/issues/282" }, { "category": "external", "summary": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3", "url": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873", "url": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873" } ], "release_date": "2023-07-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T07:21:50+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5485" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tough-cookie: prototype pollution in cookie memstore" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T07:21:50+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5485" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-33201", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-06-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215465" } ], "notes": [ { "category": "description", "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33201" }, { "category": "external", "summary": "RHBZ#2215465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201" }, { "category": "external", "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201", "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201" } ], "release_date": "2023-06-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T07:21:50+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5485" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: potential blind LDAP injection attack using a self-signed certificate" }, { "cve": "CVE-2023-34462", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216888" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: SniHandler 16MB allocation leads to OOM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-34462" }, { "category": "external", "summary": "RHBZ#2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462" } ], "release_date": "2023-06-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-06T07:21:50+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5485" }, { "category": "workaround", "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.31-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el8eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: SniHandler 16MB allocation leads to OOM" } ] }
wid-sec-w-2024-0064
Vulnerability from csaf_certbund
Published
2024-01-10 23:00
Modified
2024-01-10 23:00
Summary
Juniper Produkte: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.
Bei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.
Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.
Die Juniper MX-Serie ist eine Produktfamilie von Routern.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper JUNOS Evolved, Juniper SRX Series, Juniper EX Series, Juniper QFX Series, Juniper ACX Series, Juniper PTX Series und Juniper MX Series ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und seine Berechtigungen zu erweitern.
Betroffene Betriebssysteme
- BIOS/Firmware
- Appliance
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nBei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. \r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper JUNOS Evolved, Juniper SRX Series, Juniper EX Series, Juniper QFX Series, Juniper ACX Series, Juniper PTX Series und Juniper MX Series ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und seine Berechtigungen zu erweitern.", "title": "Angriff" }, { "category": "general", "text": "- BIOS/Firmware\n- Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0064 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0064.json" }, { "category": "self", "summary": "WID-SEC-2024-0064 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0064" }, { "category": "external", "summary": "Juniper Security Advisory JSA11272 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA11272" }, { "category": "external", "summary": "Juniper Security Advisory JSA75233 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75233" }, { "category": "external", "summary": "Juniper Security Advisory JSA75721 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75721" }, { "category": "external", "summary": "Juniper Security Advisory JSA75723 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75723" }, { "category": "external", "summary": "Juniper Security Advisory JSA75725 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75725" }, { "category": "external", "summary": "Juniper Security Advisory JSA75727 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75727" }, { "category": "external", "summary": "Juniper Security Advisory JSA75729 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75729" }, { "category": "external", "summary": "Juniper Security Advisory JSA75730 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75730" }, { "category": "external", "summary": "Juniper Security Advisory JSA75733 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75733" }, { "category": "external", "summary": "Juniper Security Advisory JSA75734 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75734" }, { "category": "external", "summary": "Juniper Security Advisory JSA75735 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75735" }, { "category": "external", "summary": "Juniper Security Advisory JSA75736 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75736" }, { "category": "external", "summary": "Juniper Security Advisory JSA75737 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75737" }, { "category": "external", "summary": "Juniper Security Advisory JSA75738 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75738" }, { "category": "external", "summary": "Juniper Security Advisory JSA75740 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75740" }, { "category": "external", "summary": "Juniper Security Advisory JSA75741 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75741" }, { "category": "external", "summary": "Juniper Security Advisory JSA75742 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75742" }, { "category": "external", "summary": "Juniper Security Advisory JSA75743 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75743" }, { "category": "external", "summary": "Juniper Security Advisory JSA75744 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75744" }, { "category": "external", "summary": "Juniper Security Advisory JSA75745 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75745" }, { "category": "external", "summary": "Juniper Security Advisory JSA75747 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75747" }, { "category": "external", "summary": "Juniper Security Advisory JSA75748 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75748" }, { "category": "external", "summary": "Juniper Security Advisory JSA75752 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75752" }, { "category": "external", "summary": "Juniper Security Advisory JSA75753 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75753" }, { "category": "external", "summary": "Juniper Security Advisory JSA75754 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75754" }, { "category": "external", "summary": "Juniper Security Advisory JSA75755 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75755" }, { "category": "external", "summary": "Juniper Security Advisory JSA75757 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75757" }, { "category": "external", "summary": "Juniper Security Advisory JSA75758 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75758" } ], "source_lang": "en-US", "title": "Juniper Produkte: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-10T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:09.941+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0064", "initial_release_date": "2024-01-10T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-10T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Juniper EX Series", "product": { "name": "Juniper EX Series", "product_id": "T019811", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:-" } } }, { "category": "product_name", "name": "Juniper EX Series 4600", "product": { "name": "Juniper EX Series 4600", "product_id": "T021598", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:ex4600" } } }, { "category": "product_name", "name": "Juniper EX Series 4100", "product": { "name": "Juniper EX Series 4100", "product_id": "T030475", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:4100" } } }, { "category": "product_name", "name": "Juniper EX Series 4400", "product": { "name": "Juniper EX Series 4400", "product_id": "T030476", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:4400" } } }, { "category": "product_name", "name": "Juniper EX Series EX9200", "product": { "name": "Juniper EX Series EX9200", "product_id": "T031997", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:ex9200" } } } ], "category": "product_name", "name": "EX Series" }, { "branches": [ { "category": "product_name", "name": "Juniper JUNOS Evolved", "product": { "name": "Juniper JUNOS Evolved", "product_id": "T018886", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:evolved" } } }, { "category": "product_name", "name": "Juniper JUNOS PTX Series", "product": { "name": "Juniper JUNOS PTX Series", "product_id": "T023853", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:ptx_series" } } }, { "category": "product_name", "name": "Juniper JUNOS", "product": { "name": "Juniper JUNOS", "product_id": "T030471", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:-" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7024", "product": { "name": "Juniper JUNOS ACX7024", "product_id": "T031994", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7024" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7100-32C", "product": { "name": "Juniper JUNOS ACX7100-32C", "product_id": "T031995", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7100-32c" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7100-48L", "product": { "name": "Juniper JUNOS ACX7100-48L", "product_id": "T031996", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7100-48l" } } } ], "category": "product_name", "name": "JUNOS" }, { "category": "product_name", "name": "Juniper MX Series", "product": { "name": "Juniper MX Series", "product_id": "918766", "product_identification_helper": { "cpe": "cpe:/h:juniper:mx:-" } } }, { "category": "product_name", "name": "Juniper QFX Series 5000", "product": { "name": "Juniper QFX Series 5000", "product_id": "T021597", "product_identification_helper": { "cpe": "cpe:/h:juniper:qfx:qfx5000" } } }, { "category": "product_name", "name": "Juniper SRX Series", "product": { "name": "Juniper SRX Series", "product_id": "T021593", "product_identification_helper": { "cpe": "cpe:/h:juniper:srx_service_gateways:-" } } } ], "category": "vendor", "name": "Juniper" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2873", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2873" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-25265", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-25265" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23307" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-22942", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-22942" }, { "cve": "CVE-2022-2196", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2196" }, { "cve": "CVE-2022-21699", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-21699" }, { "cve": "CVE-2022-20141", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-20141" }, { "cve": "CVE-2022-1789", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1789" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-0934", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-0934" }, { "cve": "CVE-2022-0330", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-0330" }, { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44832" }, { "cve": "CVE-2021-44790", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44790" }, { "cve": "CVE-2021-44228", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44228" }, { "cve": "CVE-2021-4155", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-4155" }, { "cve": "CVE-2021-39275", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-39275" }, { "cve": "CVE-2021-3752", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3752" }, { "cve": "CVE-2021-3621", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3621" }, { "cve": "CVE-2021-3573", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3573" }, { "cve": "CVE-2021-3564", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3564" }, { "cve": "CVE-2021-34798", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-34798" }, { "cve": "CVE-2021-33656", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-33656" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-26691", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-26691" }, { "cve": "CVE-2021-26341", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-26341" }, { "cve": "CVE-2021-25220", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-25220" }, { "cve": "CVE-2021-0920", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-0920" }, { "cve": "CVE-2020-9493", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-9493" }, { "cve": "CVE-2020-12321", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-12321" }, { "cve": "CVE-2020-0466", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-0466" }, { "cve": "CVE-2020-0465", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-0465" }, { "cve": "CVE-2019-17571", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2019-17571" }, { "cve": "CVE-2016-2183", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2016-2183" }, { "cve": "CVE-2024-21617", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21617" }, { "cve": "CVE-2024-21616", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21616" }, { "cve": "CVE-2024-21614", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21614" }, { "cve": "CVE-2024-21613", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21613" }, { "cve": "CVE-2024-21612", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21612" }, { "cve": "CVE-2024-21611", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21611" }, { "cve": "CVE-2024-21607", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21607" }, { "cve": "CVE-2024-21606", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21606" }, { "cve": "CVE-2024-21604", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21604" }, { "cve": "CVE-2024-21603", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21603" }, { "cve": "CVE-2024-21602", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21602" }, { "cve": "CVE-2024-21601", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21601" }, { "cve": "CVE-2024-21600", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21600" }, { "cve": "CVE-2024-21599", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21599" }, { "cve": "CVE-2024-21597", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21597" }, { "cve": "CVE-2024-21596", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21596" }, { "cve": "CVE-2024-21595", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21595" }, { "cve": "CVE-2024-21594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21594" }, { "cve": "CVE-2024-21591", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21591" }, { "cve": "CVE-2024-21589", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21589" }, { "cve": "CVE-2024-21587", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21587" }, { "cve": "CVE-2024-21585", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21585" }, { "cve": "CVE-2023-38802", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-38802" }, { "cve": "CVE-2023-38408", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-38408" }, { "cve": "CVE-2023-3817", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3817" }, { "cve": "CVE-2023-36842", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-36842" }, { "cve": "CVE-2023-3446", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3446" }, { "cve": "CVE-2023-3341", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3341" }, { "cve": "CVE-2023-32360", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-32360" }, { "cve": "CVE-2023-32067", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-32067" }, { "cve": "CVE-2023-2828", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2828" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-26464", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-26464" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-23920", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23920" }, { "cve": "CVE-2023-23918", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23918" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-2235", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2235" }, { "cve": "CVE-2023-22081", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22081" }, { "cve": "CVE-2023-22049", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22049" }, { "cve": "CVE-2023-22045", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22045" }, { "cve": "CVE-2023-21968", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21968" }, { "cve": "CVE-2023-21967", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21967" }, { "cve": "CVE-2023-21954", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21954" }, { "cve": "CVE-2023-2194", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2194" }, { "cve": "CVE-2023-21939", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21939" }, { "cve": "CVE-2023-21938", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21938" }, { "cve": "CVE-2023-21937", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21937" }, { "cve": "CVE-2023-21930", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21930" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-2124", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2124" }, { "cve": "CVE-2023-20593", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-20593" }, { "cve": "CVE-2023-20569", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-20569" }, { "cve": "CVE-2023-1829", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1829" }, { "cve": "CVE-2023-1582", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1582" }, { "cve": "CVE-2023-1281", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1281" }, { "cve": "CVE-2023-1195", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1195" }, { "cve": "CVE-2023-0767", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0767" }, { "cve": "CVE-2023-0461", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0461" }, { "cve": "CVE-2023-0394", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0394" }, { "cve": "CVE-2023-0386", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0386" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0266", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0266" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-43945", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-43945" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42722", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42722" }, { "cve": "CVE-2022-42721", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42721" }, { "cve": "CVE-2022-42720", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42720" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-4269", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4269" }, { "cve": "CVE-2022-4254", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4254" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-41674", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41674" }, { "cve": "CVE-2022-4139", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4139" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-41222", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41222" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-39189", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-39189" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-38023", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-38023" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-3707", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3707" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-3625", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3625" }, { "cve": "CVE-2022-3623", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3623" }, { "cve": "CVE-2022-3619", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3619" }, { "cve": "CVE-2022-3567", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3567" }, { "cve": "CVE-2022-3566", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3566" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-3239", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3239" }, { "cve": "CVE-2022-30594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-30594" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3028" } ] }
WID-SEC-W-2024-0064
Vulnerability from csaf_certbund
Published
2024-01-10 23:00
Modified
2024-01-10 23:00
Summary
Juniper Produkte: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.
Bei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.
Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.
Die Juniper MX-Serie ist eine Produktfamilie von Routern.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper JUNOS Evolved, Juniper SRX Series, Juniper EX Series, Juniper QFX Series, Juniper ACX Series, Juniper PTX Series und Juniper MX Series ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und seine Berechtigungen zu erweitern.
Betroffene Betriebssysteme
- BIOS/Firmware
- Appliance
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nBei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. \r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper JUNOS Evolved, Juniper SRX Series, Juniper EX Series, Juniper QFX Series, Juniper ACX Series, Juniper PTX Series und Juniper MX Series ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und seine Berechtigungen zu erweitern.", "title": "Angriff" }, { "category": "general", "text": "- BIOS/Firmware\n- Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0064 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0064.json" }, { "category": "self", "summary": "WID-SEC-2024-0064 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0064" }, { "category": "external", "summary": "Juniper Security Advisory JSA11272 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA11272" }, { "category": "external", "summary": "Juniper Security Advisory JSA75233 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75233" }, { "category": "external", "summary": "Juniper Security Advisory JSA75721 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75721" }, { "category": "external", "summary": "Juniper Security Advisory JSA75723 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75723" }, { "category": "external", "summary": "Juniper Security Advisory JSA75725 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75725" }, { "category": "external", "summary": "Juniper Security Advisory JSA75727 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75727" }, { "category": "external", "summary": "Juniper Security Advisory JSA75729 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75729" }, { "category": "external", "summary": "Juniper Security Advisory JSA75730 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75730" }, { "category": "external", "summary": "Juniper Security Advisory JSA75733 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75733" }, { "category": "external", "summary": "Juniper Security Advisory JSA75734 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75734" }, { "category": "external", "summary": "Juniper Security Advisory JSA75735 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75735" }, { "category": "external", "summary": "Juniper Security Advisory JSA75736 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75736" }, { "category": "external", "summary": "Juniper Security Advisory JSA75737 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75737" }, { "category": "external", "summary": "Juniper Security Advisory JSA75738 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75738" }, { "category": "external", "summary": "Juniper Security Advisory JSA75740 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75740" }, { "category": "external", "summary": "Juniper Security Advisory JSA75741 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75741" }, { "category": "external", "summary": "Juniper Security Advisory JSA75742 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75742" }, { "category": "external", "summary": "Juniper Security Advisory JSA75743 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75743" }, { "category": "external", "summary": "Juniper Security Advisory JSA75744 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75744" }, { "category": "external", "summary": "Juniper Security Advisory JSA75745 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75745" }, { "category": "external", "summary": "Juniper Security Advisory JSA75747 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75747" }, { "category": "external", "summary": "Juniper Security Advisory JSA75748 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75748" }, { "category": "external", "summary": "Juniper Security Advisory JSA75752 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75752" }, { "category": "external", "summary": "Juniper Security Advisory JSA75753 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75753" }, { "category": "external", "summary": "Juniper Security Advisory JSA75754 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75754" }, { "category": "external", "summary": "Juniper Security Advisory JSA75755 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75755" }, { "category": "external", "summary": "Juniper Security Advisory JSA75757 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75757" }, { "category": "external", "summary": "Juniper Security Advisory JSA75758 vom 2024-01-10", "url": "https://supportportal.juniper.net/JSA75758" } ], "source_lang": "en-US", "title": "Juniper Produkte: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-10T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:56:09.941+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0064", "initial_release_date": "2024-01-10T23:00:00.000+00:00", "revision_history": [ { "date": "2024-01-10T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Juniper EX Series", "product": { "name": "Juniper EX Series", "product_id": "T019811", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:-" } } }, { "category": "product_name", "name": "Juniper EX Series 4600", "product": { "name": "Juniper EX Series 4600", "product_id": "T021598", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:ex4600" } } }, { "category": "product_name", "name": "Juniper EX Series 4100", "product": { "name": "Juniper EX Series 4100", "product_id": "T030475", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:4100" } } }, { "category": "product_name", "name": "Juniper EX Series 4400", "product": { "name": "Juniper EX Series 4400", "product_id": "T030476", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:4400" } } }, { "category": "product_name", "name": "Juniper EX Series EX9200", "product": { "name": "Juniper EX Series EX9200", "product_id": "T031997", "product_identification_helper": { "cpe": "cpe:/h:juniper:ex:ex9200" } } } ], "category": "product_name", "name": "EX Series" }, { "branches": [ { "category": "product_name", "name": "Juniper JUNOS Evolved", "product": { "name": "Juniper JUNOS Evolved", "product_id": "T018886", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:evolved" } } }, { "category": "product_name", "name": "Juniper JUNOS PTX Series", "product": { "name": "Juniper JUNOS PTX Series", "product_id": "T023853", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:ptx_series" } } }, { "category": "product_name", "name": "Juniper JUNOS", "product": { "name": "Juniper JUNOS", "product_id": "T030471", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:-" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7024", "product": { "name": "Juniper JUNOS ACX7024", "product_id": "T031994", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7024" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7100-32C", "product": { "name": "Juniper JUNOS ACX7100-32C", "product_id": "T031995", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7100-32c" } } }, { "category": "product_name", "name": "Juniper JUNOS ACX7100-48L", "product": { "name": "Juniper JUNOS ACX7100-48L", "product_id": "T031996", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:acx7100-48l" } } } ], "category": "product_name", "name": "JUNOS" }, { "category": "product_name", "name": "Juniper MX Series", "product": { "name": "Juniper MX Series", "product_id": "918766", "product_identification_helper": { "cpe": "cpe:/h:juniper:mx:-" } } }, { "category": "product_name", "name": "Juniper QFX Series 5000", "product": { "name": "Juniper QFX Series 5000", "product_id": "T021597", "product_identification_helper": { "cpe": "cpe:/h:juniper:qfx:qfx5000" } } }, { "category": "product_name", "name": "Juniper SRX Series", "product": { "name": "Juniper SRX Series", "product_id": "T021593", "product_identification_helper": { "cpe": "cpe:/h:juniper:srx_service_gateways:-" } } } ], "category": "vendor", "name": "Juniper" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2873", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2873" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-25265", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-25265" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23307" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-22942", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-22942" }, { "cve": "CVE-2022-2196", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-2196" }, { "cve": "CVE-2022-21699", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-21699" }, { "cve": "CVE-2022-20141", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-20141" }, { "cve": "CVE-2022-1789", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1789" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-0934", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-0934" }, { "cve": "CVE-2022-0330", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-0330" }, { "cve": "CVE-2021-44832", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44832" }, { "cve": "CVE-2021-44790", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44790" }, { "cve": "CVE-2021-44228", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-44228" }, { "cve": "CVE-2021-4155", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-4155" }, { "cve": "CVE-2021-39275", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-39275" }, { "cve": "CVE-2021-3752", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3752" }, { "cve": "CVE-2021-3621", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3621" }, { "cve": "CVE-2021-3573", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3573" }, { "cve": "CVE-2021-3564", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-3564" }, { "cve": "CVE-2021-34798", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-34798" }, { "cve": "CVE-2021-33656", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-33656" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-26691", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-26691" }, { "cve": "CVE-2021-26341", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-26341" }, { "cve": "CVE-2021-25220", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-25220" }, { "cve": "CVE-2021-0920", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2021-0920" }, { "cve": "CVE-2020-9493", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-9493" }, { "cve": "CVE-2020-12321", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-12321" }, { "cve": "CVE-2020-0466", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-0466" }, { "cve": "CVE-2020-0465", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2020-0465" }, { "cve": "CVE-2019-17571", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2019-17571" }, { "cve": "CVE-2016-2183", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2016-2183" }, { "cve": "CVE-2024-21617", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21617" }, { "cve": "CVE-2024-21616", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21616" }, { "cve": "CVE-2024-21614", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21614" }, { "cve": "CVE-2024-21613", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21613" }, { "cve": "CVE-2024-21612", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21612" }, { "cve": "CVE-2024-21611", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21611" }, { "cve": "CVE-2024-21607", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21607" }, { "cve": "CVE-2024-21606", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21606" }, { "cve": "CVE-2024-21604", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21604" }, { "cve": "CVE-2024-21603", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21603" }, { "cve": "CVE-2024-21602", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21602" }, { "cve": "CVE-2024-21601", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21601" }, { "cve": "CVE-2024-21600", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21600" }, { "cve": "CVE-2024-21599", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21599" }, { "cve": "CVE-2024-21597", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21597" }, { "cve": "CVE-2024-21596", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21596" }, { "cve": "CVE-2024-21595", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21595" }, { "cve": "CVE-2024-21594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21594" }, { "cve": "CVE-2024-21591", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21591" }, { "cve": "CVE-2024-21589", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21589" }, { "cve": "CVE-2024-21587", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21587" }, { "cve": "CVE-2024-21585", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2024-21585" }, { "cve": "CVE-2023-38802", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-38802" }, { "cve": "CVE-2023-38408", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-38408" }, { "cve": "CVE-2023-3817", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3817" }, { "cve": "CVE-2023-36842", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-36842" }, { "cve": "CVE-2023-3446", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3446" }, { "cve": "CVE-2023-3341", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-3341" }, { "cve": "CVE-2023-32360", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-32360" }, { "cve": "CVE-2023-32067", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-32067" }, { "cve": "CVE-2023-2828", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2828" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-26464", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-26464" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-23920", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23920" }, { "cve": "CVE-2023-23918", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23918" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-2235", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2235" }, { "cve": "CVE-2023-22081", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22081" }, { "cve": "CVE-2023-22049", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22049" }, { "cve": "CVE-2023-22045", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-22045" }, { "cve": "CVE-2023-21968", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21968" }, { "cve": "CVE-2023-21967", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21967" }, { "cve": "CVE-2023-21954", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21954" }, { "cve": "CVE-2023-2194", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2194" }, { "cve": "CVE-2023-21939", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21939" }, { "cve": "CVE-2023-21938", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21938" }, { "cve": "CVE-2023-21937", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21937" }, { "cve": "CVE-2023-21930", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21930" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-2124", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-2124" }, { "cve": "CVE-2023-20593", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-20593" }, { "cve": "CVE-2023-20569", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-20569" }, { "cve": "CVE-2023-1829", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1829" }, { "cve": "CVE-2023-1582", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1582" }, { "cve": "CVE-2023-1281", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1281" }, { "cve": "CVE-2023-1195", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-1195" }, { "cve": "CVE-2023-0767", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0767" }, { "cve": "CVE-2023-0461", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0461" }, { "cve": "CVE-2023-0394", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0394" }, { "cve": "CVE-2023-0386", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0386" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0266", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2023-0266" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-43945", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-43945" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42722", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42722" }, { "cve": "CVE-2022-42721", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42721" }, { "cve": "CVE-2022-42720", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42720" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-4269", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4269" }, { "cve": "CVE-2022-4254", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4254" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-41674", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41674" }, { "cve": "CVE-2022-4139", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4139" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-41222", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41222" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-39189", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-39189" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-38023", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-38023" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-3707", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3707" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-3625", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3625" }, { "cve": "CVE-2022-3623", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3623" }, { "cve": "CVE-2022-3619", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3619" }, { "cve": "CVE-2022-3567", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3567" }, { "cve": "CVE-2022-3566", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3566" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-3239", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3239" }, { "cve": "CVE-2022-30594", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-30594" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Die Fehler bestehen aufgrund von unsachgem\u00e4\u00dfen Initialisierungen, nicht willk\u00fcrlichen Schreib- und Use-after-free-Fehlern, bei der \u00dcberpr\u00fcfung von \u00fcberm\u00e4\u00dfig langen DH-Schl\u00fcsseln, unsachgem\u00e4\u00dfen Pufferbeschr\u00e4nkungen, einer Speicher\u00fcberschreitung, einer unsachgem\u00e4\u00dfen Behandlung/Pr\u00fcfung von Ausnahmebedingungen, einem Out-of-bounds-Schreiben und einer unsachgem\u00e4\u00dfen Validierung der syntaktischen Korrektheit der Eingabe. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und seine Privilegien zu erweitern. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T030475", "T031995", "T030476", "T031994", "T031997", "T031996", "918766", "T030471", "T021598", "T018886", "T021597", "T019811", "T023853", "T021593" ] }, "release_date": "2024-01-10T23:00:00Z", "title": "CVE-2022-3028" } ] }
ghsa-vp98-w2p3-mv35
Vulnerability from github
Published
2023-03-10 15:30
Modified
2024-09-27 14:13
Severity ?
Summary
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
Details
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.logging.log4j:log4j-core" }, "ranges": [ { "events": [ { "introduced": "1.0.4" }, { "fixed": "2.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-26464" ], "database_specific": { "cwe_ids": [ "CWE-400", "CWE-502" ], "github_reviewed": true, "github_reviewed_at": "2023-03-10T23:48:32Z", "nvd_published_at": "2023-03-10T14:15:00Z", "severity": "HIGH" }, "details": "** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", "id": "GHSA-vp98-w2p3-mv35", "modified": "2024-09-27T14:13:00Z", "published": "2023-03-10T15:30:43Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "type": "PACKAGE", "url": "https://github.com/apache/logging-log4j2" }, { "type": "WEB", "url": "https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20230505-0008" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Apache Log4j 1.x (EOL) allows Denial of Service (DoS)" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.