Vulnerability-Lookup

CVE-2023-33201 (GCVE-0-2023-33201)

Vulnerability from cvelistv5 – Published: 2023-07-05 00:00 – Updated: 2024-12-04 15:48

Summary

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Assigner

mitre

References

5 references

URL	Tags
https://bouncycastle.org
https://github.com/bcgit/bc-java/commit/e8c409a83…
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.netapp.com/advisory/ntap-2023082…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.708Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bouncycastle.org"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
          },
          {
            "name": "[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230824-0008/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T15:47:56.732893Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T15:48:15.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-24T18:06:18.676Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bouncycastle.org"
        },
        {
          "url": "https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"
        },
        {
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        },
        {
          "name": "[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230824-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-33201",
    "datePublished": "2023-07-05T00:00:00.000Z",
    "dateReserved": "2023-05-18T00:00:00.000Z",
    "dateUpdated": "2024-12-04T15:48:15.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-33201",
      "date": "2026-06-05",
      "epss": "0.00326",
      "percentile": "0.55885"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.74\", \"matchCriteriaId\": \"93E9273D-E54C-43EF-8822-39FA3C2834E0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.\"}]",
      "id": "CVE-2023-33201",
      "lastModified": "2024-11-21T08:05:06.870",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2023-07-05T03:15:09.197",
      "references": "[{\"url\": \"https://bouncycastle.org\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230824-0008/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bouncycastle.org\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230824-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-33201\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-07-05T03:15:09.197\",\"lastModified\":\"2024-11-21T08:05:06.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.74\",\"matchCriteriaId\":\"93E9273D-E54C-43EF-8822-39FA3C2834E0\"}]}]}],\"references\":[{\"url\":\"https://bouncycastle.org\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230824-0008/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bouncycastle.org\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230824-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bouncycastle.org\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\", \"name\": \"[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230824-0008/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:39:35.708Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-33201\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-04T15:47:56.732893Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-04T15:48:11.022Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://bouncycastle.org\"}, {\"url\": \"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc\"}, {\"url\": \"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html\", \"name\": \"[debian-lts-announce] 20230802 [SECURITY] [DLA 3514-1] bouncycastle security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230824-0008/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate\u0027s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-08-24T18:06:18.676012\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-33201\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-04T15:48:15.487Z\", \"dateReserved\": \"2023-05-18T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-07-05T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

RHSA-2023:5486

Vulnerability from csaf_redhat - Published: 2023-10-06 03:41 - Updated: 2026-06-02 17:39

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * server: eap-7: heap exhaustion via deserialization (CVE-2023-3171) * log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464) * nodejs-semver: Regular expression denial of service (CVE-2022-25883) * wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061) * tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-25883

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 116 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-3171

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-789 - Memory Allocation with Excessive Size Value

Affected products

Fixed 116 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-4061

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround

Known not affected 106 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src	—	Workaround

Threats

Impact Moderate

CVE-2023-26136

A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 116 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26464

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 116 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-33201

A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 7 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix

Known not affected 109 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch		—
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch		—

Threats

Impact Moderate

CVE-2023-34462

A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 31 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround

Known not affected 85 products

Product	Version	Remediation
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Workaround
Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch	—	Workaround

Threats

Impact Moderate

References

64 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:5486	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182864	external
https://bugzilla.redhat.com/show_bug.cgi?id=2213639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2216475	external
https://bugzilla.redhat.com/show_bug.cgi?id=2216888	external
https://bugzilla.redhat.com/show_bug.cgi?id=2219310	external
https://bugzilla.redhat.com/show_bug.cgi?id=2228608	external
https://issues.redhat.com/browse/JBEAP-24667	external
https://issues.redhat.com/browse/JBEAP-24799	external
https://issues.redhat.com/browse/JBEAP-24966	external
https://issues.redhat.com/browse/JBEAP-24985	external
https://issues.redhat.com/browse/JBEAP-25032	external
https://issues.redhat.com/browse/JBEAP-25033	external
https://issues.redhat.com/browse/JBEAP-25078	external
https://issues.redhat.com/browse/JBEAP-25122	external
https://issues.redhat.com/browse/JBEAP-25135	external
https://issues.redhat.com/browse/JBEAP-25186	external
https://issues.redhat.com/browse/JBEAP-25200	external
https://issues.redhat.com/browse/JBEAP-25225	external
https://issues.redhat.com/browse/JBEAP-25261	external
https://issues.redhat.com/browse/JBEAP-25285	external
https://issues.redhat.com/browse/JBEAP-25312	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-25883	self
https://bugzilla.redhat.com/show_bug.cgi?id=2216475	external
https://www.cve.org/CVERecord?id=CVE-2022-25883	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25883	external
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw	external
https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795	external
https://access.redhat.com/security/cve/CVE-2023-3171	self
https://bugzilla.redhat.com/show_bug.cgi?id=2213639	external
https://www.cve.org/CVERecord?id=CVE-2023-3171	external
https://nvd.nist.gov/vuln/detail/CVE-2023-3171	external
https://access.redhat.com/security/cve/CVE-2023-4061	self
https://bugzilla.redhat.com/show_bug.cgi?id=2228608	external
https://www.cve.org/CVERecord?id=CVE-2023-4061	external
https://nvd.nist.gov/vuln/detail/CVE-2023-4061	external
https://access.redhat.com/security/cve/CVE-2023-26136	self
https://bugzilla.redhat.com/show_bug.cgi?id=2219310	external
https://www.cve.org/CVERecord?id=CVE-2023-26136	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26136	external
https://github.com/salesforce/tough-cookie/commit…	external
https://github.com/salesforce/tough-cookie/issues/282	external
https://github.com/salesforce/tough-cookie/releas…	external
https://lists.debian.org/debian-lts-announce/2023…	external
https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE…	external
https://access.redhat.com/security/cve/CVE-2023-26464	self
https://bugzilla.redhat.com/show_bug.cgi?id=2182864	external
https://www.cve.org/CVERecord?id=CVE-2023-26464	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26464	external
https://www.ibm.com/support/pages/security-bullet…	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-34462	self
https://bugzilla.redhat.com/show_bug.cgi?id=2216888	external
https://www.cve.org/CVERecord?id=CVE-2023-34462	external
https://nvd.nist.gov/vuln/detail/CVE-2023-34462	external

Acknowledgments

Kokorin Vsevolod

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* nodejs-semver: Regular expression denial of service (CVE-2022-25883)\n\n* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)\n\n* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:5486",
        "url": "https://access.redhat.com/errata/RHSA-2023:5486"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
      },
      {
        "category": "external",
        "summary": "2182864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
      },
      {
        "category": "external",
        "summary": "2213639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2216475",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475"
      },
      {
        "category": "external",
        "summary": "2216888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
      },
      {
        "category": "external",
        "summary": "2219310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310"
      },
      {
        "category": "external",
        "summary": "2228608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608"
      },
      {
        "category": "external",
        "summary": "JBEAP-24667",
        "url": "https://issues.redhat.com/browse/JBEAP-24667"
      },
      {
        "category": "external",
        "summary": "JBEAP-24799",
        "url": "https://issues.redhat.com/browse/JBEAP-24799"
      },
      {
        "category": "external",
        "summary": "JBEAP-24966",
        "url": "https://issues.redhat.com/browse/JBEAP-24966"
      },
      {
        "category": "external",
        "summary": "JBEAP-24985",
        "url": "https://issues.redhat.com/browse/JBEAP-24985"
      },
      {
        "category": "external",
        "summary": "JBEAP-25032",
        "url": "https://issues.redhat.com/browse/JBEAP-25032"
      },
      {
        "category": "external",
        "summary": "JBEAP-25033",
        "url": "https://issues.redhat.com/browse/JBEAP-25033"
      },
      {
        "category": "external",
        "summary": "JBEAP-25078",
        "url": "https://issues.redhat.com/browse/JBEAP-25078"
      },
      {
        "category": "external",
        "summary": "JBEAP-25122",
        "url": "https://issues.redhat.com/browse/JBEAP-25122"
      },
      {
        "category": "external",
        "summary": "JBEAP-25135",
        "url": "https://issues.redhat.com/browse/JBEAP-25135"
      },
      {
        "category": "external",
        "summary": "JBEAP-25186",
        "url": "https://issues.redhat.com/browse/JBEAP-25186"
      },
      {
        "category": "external",
        "summary": "JBEAP-25200",
        "url": "https://issues.redhat.com/browse/JBEAP-25200"
      },
      {
        "category": "external",
        "summary": "JBEAP-25225",
        "url": "https://issues.redhat.com/browse/JBEAP-25225"
      },
      {
        "category": "external",
        "summary": "JBEAP-25261",
        "url": "https://issues.redhat.com/browse/JBEAP-25261"
      },
      {
        "category": "external",
        "summary": "JBEAP-25285",
        "url": "https://issues.redhat.com/browse/JBEAP-25285"
      },
      {
        "category": "external",
        "summary": "JBEAP-25312",
        "url": "https://issues.redhat.com/browse/JBEAP-25312"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5486.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9",
    "tracking": {
      "current_release_date": "2026-06-02T17:39:21+00:00",
      "generator": {
        "date": "2026-06-02T17:39:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:5486",
      "initial_release_date": "2023-10-06T03:41:07+00:00",
      "revision_history": [
        {
          "date": "2023-10-06T03:41:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-10-06T03:41:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:39:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 9",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 9",
                  "product_id": "9Base-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.20-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.2.26-1.SP1_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.5-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-31.Final_redhat_00030.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty@4.1.94-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.13-2.SP1_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.10-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.19-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.2-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-15.redhat_00049.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
                  "product_id": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.76.0-4.redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
                  "product_id": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.31-1.Final_redhat_00001.1.el9eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.20-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.20-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.2.26-1.SP1_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.4.5-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-31.Final_redhat_00030.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-31.Final_redhat_00030.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-31.Final_redhat_00030.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.94-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.13-2.SP1_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.13-2.SP1_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.10-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.19-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-modules@1.12.2-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-15.redhat_00049.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.76.0-4.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.76.0-4.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-pg@1.76.0-4.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.76.0-4.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.76.0-4.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-util@1.76.0-4.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.13-8.GA_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.8-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
                "product": {
                  "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
                  "product_id": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.94-1.Final_redhat_00001.1.el9eap?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
                "product": {
                  "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
                  "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.94-1.Final_redhat_00001.1.el9eap?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64"
        },
        "product_reference": "eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64"
        },
        "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
          "product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-25883",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-06-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216475"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the \u0027new Range\u0027 function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-semver: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat Products versus NVD\u0027s High due to deployment context. The flaw in node-semver\u0027s new Range() function causes catastrophic regex backtracking on crafted input, leading to CPU exhaustion. However, exploitation requires untrusted input passed directly to the parser. So node-semver is a build-time dev dependency, not present in runtime environment in RHACM, and the functionality is additionally protected behind OAuth authentication, further limiting attack surface.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216475",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795",
          "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
        }
      ],
      "release_date": "2023-06-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-06T03:41:07+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5486"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-semver: Regular expression denial of service"
    },
    {
      "cve": "CVE-2023-3171",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "discovery_date": "2023-04-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2213639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "eap-7: heap exhaustion via deserialization",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-3171"
        },
        {
          "category": "external",
          "summary": "RHBZ#2213639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3171"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171"
        }
      ],
      "release_date": "2023-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-06T03:41:07+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "eap-7: heap exhaustion via deserialization"
    },
    {
      "cve": "CVE-2023-4061",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-08-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2228608"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability requires a malicious user to previously have access to the system, especially access to the HAL interface via browser and logged with a management user who have access to the resolve-expression method, hence the moderate impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        ],
        "known_not_affected": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-4061"
        },
        {
          "category": "external",
          "summary": "RHBZ#2228608",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4061"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061"
        }
      ],
      "release_date": "2023-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-06T03:41:07+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5486"
        },
        {
          "category": "workaround",
          "details": "Wildfly administrators are recommended to use Vault, especially the Elytron subsystem, to store potential critical information such as DNS, IPs, and credentials.",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Kokorin Vsevolod"
          ]
        }
      ],
      "cve": "CVE-2023-26136",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2023-07-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2219310"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tough-cookie: prototype pollution in cookie memstore",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26136"
        },
        {
          "category": "external",
          "summary": "RHBZ#2219310",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136"
        },
        {
          "category": "external",
          "summary": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e",
          "url": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/salesforce/tough-cookie/issues/282",
          "url": "https://github.com/salesforce/tough-cookie/issues/282"
        },
        {
          "category": "external",
          "summary": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3",
          "url": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873",
          "url": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873"
        }
      ],
      "release_date": "2023-07-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-06T03:41:07+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tough-cookie: prototype pollution in cookie memstore"
    },
    {
      "cve": "CVE-2023-26464",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-03-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2182864"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j1-socketappender: DoS via hashmap logging",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26464"
        },
        {
          "category": "external",
          "summary": "RHBZ#2182864",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
        },
        {
          "category": "external",
          "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464",
          "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464"
        }
      ],
      "release_date": "2023-03-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-06T03:41:07+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5486"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "log4j1-socketappender: DoS via hashmap logging"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch"
        ],
        "known_not_affected": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-06T03:41:07+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-34462",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-06-23T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: SniHandler 16MB allocation leads to OOM",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
          "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
        ],
        "known_not_affected": [
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
        }
      ],
      "release_date": "2023-06-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-06T03:41:07+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5486"
        },
        {
          "category": "workaround",
          "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
          "product_ids": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-15.redhat_00049.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-15.redhat_00049.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-0:1.76.0-4.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-bouncycastle-mail-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pg-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-pkix-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-prov-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-bouncycastle-util-0:1.76.0-4.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.19-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.31-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.31-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.15-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.15-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.13-2.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.13-2.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-modules-0:1.12.2-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-31.Final_redhat_00030.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-31.Final_redhat_00030.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.10-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-mod_cluster-0:1.4.5-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.94-1.Final_redhat_00001.1.el9eap.x86_64",
            "9Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.94-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-0:3.15.8-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-resteasy-atom-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-cdi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-client-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-crypto-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jackson2-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxb-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jaxrs-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jettison-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jose-jwt-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-jsapi-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-binding-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-json-p-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-multipart-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-rxjava2-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-spring-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-validator-provider-11-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-resteasy-yaml-provider-0:3.15.8-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-undertow-0:2.2.26-1.SP1_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.13-8.GA_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.20-1.Final_redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.20-1.Final_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.13-8.GA_redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: SniHandler 16MB allocation leads to OOM"
    }
  ]
}

RHSA-2023:5488

Vulnerability from csaf_redhat - Published: 2023-10-05 20:18 - Updated: 2026-06-02 17:39

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2022-25883

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-3171

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-789 - Memory Allocation with Excessive Size Value

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-4061

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-26136

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26464

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-34462

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

64 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:5488	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182864	external
https://bugzilla.redhat.com/show_bug.cgi?id=2213639	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2216475	external
https://bugzilla.redhat.com/show_bug.cgi?id=2216888	external
https://bugzilla.redhat.com/show_bug.cgi?id=2219310	external
https://bugzilla.redhat.com/show_bug.cgi?id=2228608	external
https://issues.redhat.com/browse/JBEAP-24667	external
https://issues.redhat.com/browse/JBEAP-24966	external
https://issues.redhat.com/browse/JBEAP-24985	external
https://issues.redhat.com/browse/JBEAP-25032	external
https://issues.redhat.com/browse/JBEAP-25033	external
https://issues.redhat.com/browse/JBEAP-25078	external
https://issues.redhat.com/browse/JBEAP-25122	external
https://issues.redhat.com/browse/JBEAP-25135	external
https://issues.redhat.com/browse/JBEAP-25186	external
https://issues.redhat.com/browse/JBEAP-25200	external
https://issues.redhat.com/browse/JBEAP-25225	external
https://issues.redhat.com/browse/JBEAP-25261	external
https://issues.redhat.com/browse/JBEAP-25285	external
https://issues.redhat.com/browse/JBEAP-25312	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-25883	self
https://bugzilla.redhat.com/show_bug.cgi?id=2216475	external
https://www.cve.org/CVERecord?id=CVE-2022-25883	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25883	external
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw	external
https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795	external
https://access.redhat.com/security/cve/CVE-2023-3171	self
https://bugzilla.redhat.com/show_bug.cgi?id=2213639	external
https://www.cve.org/CVERecord?id=CVE-2023-3171	external
https://nvd.nist.gov/vuln/detail/CVE-2023-3171	external
https://access.redhat.com/security/cve/CVE-2023-4061	self
https://bugzilla.redhat.com/show_bug.cgi?id=2228608	external
https://www.cve.org/CVERecord?id=CVE-2023-4061	external
https://nvd.nist.gov/vuln/detail/CVE-2023-4061	external
https://access.redhat.com/security/cve/CVE-2023-26136	self
https://bugzilla.redhat.com/show_bug.cgi?id=2219310	external
https://www.cve.org/CVERecord?id=CVE-2023-26136	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26136	external
https://github.com/salesforce/tough-cookie/commit…	external
https://github.com/salesforce/tough-cookie/issues/282	external
https://github.com/salesforce/tough-cookie/releas…	external
https://lists.debian.org/debian-lts-announce/2023…	external
https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE…	external
https://access.redhat.com/security/cve/CVE-2023-26464	self
https://bugzilla.redhat.com/show_bug.cgi?id=2182864	external
https://www.cve.org/CVERecord?id=CVE-2023-26464	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26464	external
https://www.ibm.com/support/pages/security-bullet…	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-34462	self
https://bugzilla.redhat.com/show_bug.cgi?id=2216888	external
https://www.cve.org/CVERecord?id=CVE-2023-34462	external
https://nvd.nist.gov/vuln/detail/CVE-2023-34462	external

Acknowledgments

Kokorin Vsevolod

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)\n\n* log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* nodejs-semver: Regular expression denial of service (CVE-2022-25883)\n\n* wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)\n\n* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:5488",
        "url": "https://access.redhat.com/errata/RHSA-2023:5488"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "2182864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
      },
      {
        "category": "external",
        "summary": "2213639",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2216475",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475"
      },
      {
        "category": "external",
        "summary": "2216888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
      },
      {
        "category": "external",
        "summary": "2219310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310"
      },
      {
        "category": "external",
        "summary": "2228608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608"
      },
      {
        "category": "external",
        "summary": "JBEAP-24667",
        "url": "https://issues.redhat.com/browse/JBEAP-24667"
      },
      {
        "category": "external",
        "summary": "JBEAP-24966",
        "url": "https://issues.redhat.com/browse/JBEAP-24966"
      },
      {
        "category": "external",
        "summary": "JBEAP-24985",
        "url": "https://issues.redhat.com/browse/JBEAP-24985"
      },
      {
        "category": "external",
        "summary": "JBEAP-25032",
        "url": "https://issues.redhat.com/browse/JBEAP-25032"
      },
      {
        "category": "external",
        "summary": "JBEAP-25033",
        "url": "https://issues.redhat.com/browse/JBEAP-25033"
      },
      {
        "category": "external",
        "summary": "JBEAP-25078",
        "url": "https://issues.redhat.com/browse/JBEAP-25078"
      },
      {
        "category": "external",
        "summary": "JBEAP-25122",
        "url": "https://issues.redhat.com/browse/JBEAP-25122"
      },
      {
        "category": "external",
        "summary": "JBEAP-25135",
        "url": "https://issues.redhat.com/browse/JBEAP-25135"
      },
      {
        "category": "external",
        "summary": "JBEAP-25186",
        "url": "https://issues.redhat.com/browse/JBEAP-25186"
      },
      {
        "category": "external",
        "summary": "JBEAP-25200",
        "url": "https://issues.redhat.com/browse/JBEAP-25200"
      },
      {
        "category": "external",
        "summary": "JBEAP-25225",
        "url": "https://issues.redhat.com/browse/JBEAP-25225"
      },
      {
        "category": "external",
        "summary": "JBEAP-25261",
        "url": "https://issues.redhat.com/browse/JBEAP-25261"
      },
      {
        "category": "external",
        "summary": "JBEAP-25285",
        "url": "https://issues.redhat.com/browse/JBEAP-25285"
      },
      {
        "category": "external",
        "summary": "JBEAP-25312",
        "url": "https://issues.redhat.com/browse/JBEAP-25312"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5488.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update",
    "tracking": {
      "current_release_date": "2026-06-02T17:39:21+00:00",
      "generator": {
        "date": "2026-06-02T17:39:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:5488",
      "initial_release_date": "2023-10-05T20:18:28+00:00",
      "revision_history": [
        {
          "date": "2023-10-05T20:18:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-10-23T22:34:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T17:39:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 7",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 7",
                  "product_id": "Red Hat JBoss Enterprise Application Platform 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-25883",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-06-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216475"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the \u0027new Range\u0027 function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-semver: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Moderate for Red Hat Products versus NVD\u0027s High due to deployment context. The flaw in node-semver\u0027s new Range() function causes catastrophic regex backtracking on crafted input, leading to CPU exhaustion. However, exploitation requires untrusted input passed directly to the parser. So node-semver is a build-time dev dependency, not present in runtime environment in RHACM, and the functionality is additionally protected behind OAuth authentication, further limiting attack surface.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216475",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795",
          "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
        }
      ],
      "release_date": "2023-06-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T20:18:28+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5488"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-semver: Regular expression denial of service"
    },
    {
      "cve": "CVE-2023-3171",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "discovery_date": "2023-04-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2213639"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "eap-7: heap exhaustion via deserialization",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-3171"
        },
        {
          "category": "external",
          "summary": "RHBZ#2213639",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213639"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3171"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3171"
        }
      ],
      "release_date": "2023-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T20:18:28+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5488"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "eap-7: heap exhaustion via deserialization"
    },
    {
      "cve": "CVE-2023-4061",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-08-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2228608"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability requires a malicious user to previously have access to the system, especially access to the HAL interface via browser and logged with a management user who have access to the resolve-expression method, hence the moderate impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-4061"
        },
        {
          "category": "external",
          "summary": "RHBZ#2228608",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228608"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4061"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4061"
        }
      ],
      "release_date": "2023-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T20:18:28+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5488"
        },
        {
          "category": "workaround",
          "details": "Wildfly administrators are recommended to use Vault, especially the Elytron subsystem, to store potential critical information such as DNS, IPs, and credentials.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Kokorin Vsevolod"
          ]
        }
      ],
      "cve": "CVE-2023-26136",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2023-07-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2219310"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tough-cookie: prototype pollution in cookie memstore",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26136"
        },
        {
          "category": "external",
          "summary": "RHBZ#2219310",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219310"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26136",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26136"
        },
        {
          "category": "external",
          "summary": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e",
          "url": "https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/salesforce/tough-cookie/issues/282",
          "url": "https://github.com/salesforce/tough-cookie/issues/282"
        },
        {
          "category": "external",
          "summary": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3",
          "url": "https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873",
          "url": "https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873"
        }
      ],
      "release_date": "2023-07-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T20:18:28+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5488"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tough-cookie: prototype pollution in cookie memstore"
    },
    {
      "cve": "CVE-2023-26464",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-03-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2182864"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j1-socketappender: DoS via hashmap logging",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26464"
        },
        {
          "category": "external",
          "summary": "RHBZ#2182864",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
        },
        {
          "category": "external",
          "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464",
          "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464"
        }
      ],
      "release_date": "2023-03-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T20:18:28+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5488"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "log4j1-socketappender: DoS via hashmap logging"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T20:18:28+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5488"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-34462",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: SniHandler 16MB allocation leads to OOM",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
        }
      ],
      "release_date": "2023-06-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-05T20:18:28+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5488"
        },
        {
          "category": "workaround",
          "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: SniHandler 16MB allocation leads to OOM"
    }
  ]
}

RHSA-2023:7482

Vulnerability from csaf_redhat - Published: 2023-11-24 16:56 - Updated: 2026-06-02 15:03

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 7

Severity

Important

Notes

Topic: New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.6 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements. Security Fix(es): * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-0105

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-841 - Improper Enforcement of Behavioral Workflow

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

27 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7482	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-0105	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://www.cve.org/CVERecord?id=CVE-2023-0105	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0105	external
https://github.com/advisories/GHSA-c7xw-p58w-h6fj	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://github.com/dotnet/announcements/issues/277	external
https://pkg.go.dev/vuln/GO-2023-2102	external
https://www.cisa.gov/news-events/alerts/2023/10/1…	external
https://www.nginx.com/blog/http-2-rapid-reset-att…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Inverid Willem Noort

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.6 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.\n\nSecurity Fix(es):\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n* keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7482",
        "url": "https://access.redhat.com/errata/RHSA-2023:7482"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "2158910",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7482.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 7",
    "tracking": {
      "current_release_date": "2026-06-02T15:03:54+00:00",
      "generator": {
        "date": "2026-06-02T15:03:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:7482",
      "initial_release_date": "2023-11-24T16:56:09+00:00",
      "revision_history": [
        {
          "date": "2023-11-24T16:56:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-24T16:56:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:03:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server",
                  "product_id": "7Server-RHSSO-7.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
                  "product_id": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.11-2.redhat_00001.1.el7sso?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
                  "product_id": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.11-2.redhat_00001.1.el7sso?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
                  "product_id": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.11-2.redhat_00001.1.el7sso?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
          "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
        "relates_to_product_reference": "7Server-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
          "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
        "relates_to_product_reference": "7Server-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server",
          "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
        "relates_to_product_reference": "7Server-RHSSO-7.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Willem Noort"
          ],
          "organization": "Inverid",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0105",
      "cwe": {
        "id": "CWE-841",
        "name": "Improper Enforcement of Behavioral Workflow"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158910"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: impersonation and lockout possible through incorrect handling of email trust",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
          "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
          "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158910",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj",
          "url": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj"
        }
      ],
      "release_date": "2023-01-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:09+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7482"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: impersonation and lockout possible through incorrect handling of email trust"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
          "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
          "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:09+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7482"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
          "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
          "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:09+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7482"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.noarch",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el7sso.src",
            "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el7sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

RHSA-2023:7483

Vulnerability from csaf_redhat - Published: 2023-11-24 16:56 - Updated: 2026-06-02 15:03

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 8

Severity

Important

Notes

Topic: New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.6 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements. Security Fix(es): * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-0105

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-841 - Improper Enforcement of Behavioral Workflow

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

27 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7483	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-0105	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://www.cve.org/CVERecord?id=CVE-2023-0105	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0105	external
https://github.com/advisories/GHSA-c7xw-p58w-h6fj	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://github.com/dotnet/announcements/issues/277	external
https://pkg.go.dev/vuln/GO-2023-2102	external
https://www.cisa.gov/news-events/alerts/2023/10/1…	external
https://www.nginx.com/blog/http-2-rapid-reset-att…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Inverid Willem Noort

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.6 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.\n\nSecurity Fix(es):\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n* keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7483",
        "url": "https://access.redhat.com/errata/RHSA-2023:7483"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "2158910",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7483.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 8",
    "tracking": {
      "current_release_date": "2026-06-02T15:03:54+00:00",
      "generator": {
        "date": "2026-06-02T15:03:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:7483",
      "initial_release_date": "2023-11-24T16:56:38+00:00",
      "revision_history": [
        {
          "date": "2023-11-24T16:56:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-24T16:56:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:03:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.6 for RHEL 8",
                "product": {
                  "name": "Red Hat Single Sign-On 7.6 for RHEL 8",
                  "product_id": "8Base-RHSSO-7.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
                  "product_id": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.11-2.redhat_00001.1.el8sso?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
                  "product_id": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.11-2.redhat_00001.1.el8sso?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
                  "product_id": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.11-2.redhat_00001.1.el8sso?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
          "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
        "relates_to_product_reference": "8Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
          "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
        "relates_to_product_reference": "8Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8",
          "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
        "relates_to_product_reference": "8Base-RHSSO-7.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Willem Noort"
          ],
          "organization": "Inverid",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0105",
      "cwe": {
        "id": "CWE-841",
        "name": "Improper Enforcement of Behavioral Workflow"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158910"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: impersonation and lockout possible through incorrect handling of email trust",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158910",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj",
          "url": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj"
        }
      ],
      "release_date": "2023-01-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:38+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: impersonation and lockout possible through incorrect handling of email trust"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:38+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
          "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:38+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7483"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.noarch",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el8sso.src",
            "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el8sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

RHSA-2023:7484

Vulnerability from csaf_redhat - Published: 2023-11-24 16:56 - Updated: 2026-06-02 15:03

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 9

Severity

Important

Notes

Topic: New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.6 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements. Security Fix(es): * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-0105

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-841 - Improper Enforcement of Behavioral Workflow

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

27 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7484	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-0105	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://www.cve.org/CVERecord?id=CVE-2023-0105	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0105	external
https://github.com/advisories/GHSA-c7xw-p58w-h6fj	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://github.com/dotnet/announcements/issues/277	external
https://pkg.go.dev/vuln/GO-2023-2102	external
https://www.cisa.gov/news-events/alerts/2023/10/1…	external
https://www.nginx.com/blog/http-2-rapid-reset-att…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Inverid Willem Noort

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.6 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n* keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7484",
        "url": "https://access.redhat.com/errata/RHSA-2023:7484"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "2158910",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7484.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 9",
    "tracking": {
      "current_release_date": "2026-06-02T15:03:54+00:00",
      "generator": {
        "date": "2026-06-02T15:03:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:7484",
      "initial_release_date": "2023-11-24T16:56:41+00:00",
      "revision_history": [
        {
          "date": "2023-11-24T16:56:41+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-24T16:56:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:03:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.6 for RHEL 9",
                "product": {
                  "name": "Red Hat Single Sign-On 7.6 for RHEL 9",
                  "product_id": "9Base-RHSSO-7.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
                  "product_id": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.11-2.redhat_00001.1.el9sso?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
                  "product_id": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.11-2.redhat_00001.1.el9sso?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
                  "product_id": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.11-2.redhat_00001.1.el9sso?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Willem Noort"
          ],
          "organization": "Inverid",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0105",
      "cwe": {
        "id": "CWE-841",
        "name": "Improper Enforcement of Behavioral Workflow"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158910"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: impersonation and lockout possible through incorrect handling of email trust",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158910",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj",
          "url": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj"
        }
      ],
      "release_date": "2023-01-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7484"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: impersonation and lockout possible through incorrect handling of email trust"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7484"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:56:41+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7484"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.11-2.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.11-2.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

RHSA-2023:7486

Vulnerability from csaf_redhat - Published: 2023-11-24 16:53 - Updated: 2026-06-02 15:03

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security update

Severity

Important

Notes

Topic: A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.6 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security Fix(es): * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-0105

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-841 - Improper Enforcement of Behavioral Workflow

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

27 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7486	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-0105	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://www.cve.org/CVERecord?id=CVE-2023-0105	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0105	external
https://github.com/advisories/GHSA-c7xw-p58w-h6fj	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://github.com/dotnet/announcements/issues/277	external
https://pkg.go.dev/vuln/GO-2023-2102	external
https://www.cisa.gov/news-events/alerts/2023/10/1…	external
https://www.nginx.com/blog/http-2-rapid-reset-att…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Inverid Willem Noort

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.6 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS\nattack (Rapid Reset Attack) (CVE-2023-44487)\n* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable\nto a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* bouncycastle: potential blind LDAP injection attack using a self-signed\ncertificate (CVE-2023-33201)\n* keycloak: impersonation and lockout possible through incorrect handling of\nemail trust (CVE-2023-0105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7486",
        "url": "https://access.redhat.com/errata/RHSA-2023:7486"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "2158910",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7486.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security update",
    "tracking": {
      "current_release_date": "2026-06-02T15:03:57+00:00",
      "generator": {
        "date": "2026-06-02T15:03:57+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:7486",
      "initial_release_date": "2023-11-24T16:53:18+00:00",
      "revision_history": [
        {
          "date": "2023-11-24T16:53:18+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-24T16:53:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:03:57+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Middleware Containers for OpenShift",
                "product": {
                  "name": "Middleware Containers for OpenShift",
                  "product_id": "8Base-RHOSE-Middleware",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-36"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-36"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d?arch=s390x\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-36"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64 as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Willem Noort"
          ],
          "organization": "Inverid",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0105",
      "cwe": {
        "id": "CWE-841",
        "name": "Improper Enforcement of Behavioral Workflow"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158910"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: impersonation and lockout possible through incorrect handling of email trust",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158910",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj",
          "url": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj"
        }
      ],
      "release_date": "2023-01-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:53:18+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.6 for OpenShift image, follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift in the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.6.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.6 for OpenShift streams in the \"openshift\" project by running the following command:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: impersonation and lockout possible through incorrect handling of email trust"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:53:18+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.6 for OpenShift image, follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift in the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.6.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.6 for OpenShift streams in the \"openshift\" project by running the following command:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:53:18+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.6.6 for OpenShift image, follow these steps to pull in the content:\n\n1. On your main hosts, ensure you are logged into the CLI as a cluster administrator or user with project administrator access to the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift in the \"openshift\" project by running the following commands:\n\n$ for resource in sso76-image-stream.json \\\nsso76-https.json \\\nsso76-mysql.json \\\nsso76-mysql-persistent.json \\\nsso76-postgresql.json \\\nsso76-postgresql-persistent.json \\\nsso76-x509-https.json \\\nsso76-x509-mysql-persistent.json \\\nsso76-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.6.6.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.6.6 for OpenShift streams in the \"openshift\" project by running the following command:\n\n$ oc -n openshift import-image redhat-sso76-openshift:1.0",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7486"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:16c055e14341e0373dc090196b3bfb1c962da11343e1322bd7dc59eb9df3b514_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:42eacda40b19a10366ebf98e8db9b7f14f09e567a66beb454c8c50c2ac7827bf_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:da370ba2e4eb8b5af4876defc3a05437e01d224240aff7e0129bc0b96c99124d_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

RHSA-2023:7488

Vulnerability from csaf_redhat - Published: 2023-11-24 16:57 - Updated: 2026-06-02 15:03

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.6 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements. Security Fix(es): * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-0105

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-841 - Improper Enforcement of Behavioral Workflow

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6.6`	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

28 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7488	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-0105	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158910	external
https://www.cve.org/CVERecord?id=CVE-2023-0105	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0105	external
https://github.com/advisories/GHSA-c7xw-p58w-h6fj	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://github.com/dotnet/announcements/issues/277	external
https://pkg.go.dev/vuln/GO-2023-2102	external
https://www.cisa.gov/news-events/alerts/2023/10/1…	external
https://www.nginx.com/blog/http-2-rapid-reset-att…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

Inverid Willem Noort

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.6 serves as a replacement for Red Hat Single Sign-On 7.6.5, and includes bug fixes and enhancements.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n* keycloak: impersonation and lockout possible through incorrect handling of email trust (CVE-2023-0105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7488",
        "url": "https://access.redhat.com/errata/RHSA-2023:7488"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=patches\u0026version=7.6",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=patches\u0026version=7.6"
      },
      {
        "category": "external",
        "summary": "2158910",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7488.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update",
    "tracking": {
      "current_release_date": "2026-06-02T15:03:54+00:00",
      "generator": {
        "date": "2026-06-02T15:03:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:7488",
      "initial_release_date": "2023-11-24T16:57:47+00:00",
      "revision_history": [
        {
          "date": "2023-11-24T16:57:47+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-24T16:57:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-02T15:03:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7",
                "product": {
                  "name": "Red Hat Single Sign-On 7",
                  "product_id": "Red Hat Single Sign-On 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Willem Noort"
          ],
          "organization": "Inverid",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0105",
      "cwe": {
        "id": "CWE-841",
        "name": "Improper Enforcement of Behavioral Workflow"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158910"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: impersonation and lockout possible through incorrect handling of email trust",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158910",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158910"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0105"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj",
          "url": "https://github.com/advisories/GHSA-c7xw-p58w-h6fj"
        }
      ],
      "release_date": "2023-01-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:57:47+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7488"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: impersonation and lockout possible through incorrect handling of email trust"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:57:47+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7488"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-24T16:57:47+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7488"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

RHSA-2023:7669

Vulnerability from csaf_redhat - Published: 2023-12-06 22:07 - Updated: 2026-04-30 13:13

Summary

Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images

Severity

Moderate

Notes

Topic: New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available

Details: New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Users of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. Security Fix(es): * vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route (CVE-2023-24815) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462) You can find images updated by this advisory in Red Hat Container Catalog (see References).

CVE-2023-24815

A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (*), an attacker can exfiltrate any class path resource.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-34462

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 12 products

Product	Version	Remediation
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

25 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7669	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2209400	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2216888	external
https://issues.redhat.com/browse/JAVAMON-236	external
https://issues.redhat.com/browse/JAVAMON-241	external
https://issues.redhat.com/browse/JAVAMON-243	external
https://issues.redhat.com/browse/JAVAMON-313	external
https://issues.redhat.com/browse/JAVAMON-319	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-24815	self
https://bugzilla.redhat.com/show_bug.cgi?id=2209400	external
https://www.cve.org/CVERecord?id=CVE-2023-24815	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24815	external
https://github.com/vert-x3/vertx-web/security/adv…	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-34462	self
https://bugzilla.redhat.com/show_bug.cgi?id=2216888	external
https://www.cve.org/CVERecord?id=CVE-2023-34462	external
https://nvd.nist.gov/vuln/detail/CVE-2023-34462	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes.\n\nUsers of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nSecurity Fix(es):\n\n* vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route (CVE-2023-24815)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462)\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7669",
        "url": "https://access.redhat.com/errata/RHSA-2023:7669"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2209400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209400"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2216888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
      },
      {
        "category": "external",
        "summary": "JAVAMON-236",
        "url": "https://issues.redhat.com/browse/JAVAMON-236"
      },
      {
        "category": "external",
        "summary": "JAVAMON-241",
        "url": "https://issues.redhat.com/browse/JAVAMON-241"
      },
      {
        "category": "external",
        "summary": "JAVAMON-243",
        "url": "https://issues.redhat.com/browse/JAVAMON-243"
      },
      {
        "category": "external",
        "summary": "JAVAMON-313",
        "url": "https://issues.redhat.com/browse/JAVAMON-313"
      },
      {
        "category": "external",
        "summary": "JAVAMON-319",
        "url": "https://issues.redhat.com/browse/JAVAMON-319"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7669.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images",
    "tracking": {
      "current_release_date": "2026-04-30T13:13:25+00:00",
      "generator": {
        "date": "2026-04-30T13:13:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2023:7669",
      "initial_release_date": "2023-12-06T22:07:18+00:00",
      "revision_history": [
        {
          "date": "2023-12-06T22:07:18+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-12-06T22:07:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T13:13:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cryostat 2 on RHEL 8",
                "product": {
                  "name": "Cryostat 2 on RHEL 8",
                  "product_id": "8Base-Cryostat-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cryostat:2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Cryostat"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.4.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
                "product": {
                  "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
                  "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.4.0-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.4.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.4.0-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
                "product": {
                  "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
                  "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.4.0-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64"
        },
        "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
        },
        "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24815",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2023-05-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2209400"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (*), an attacker can exfiltrate any class path resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24815"
        },
        {
          "category": "external",
          "summary": "RHBZ#2209400",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209400"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24815",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24815"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24815",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24815"
        },
        {
          "category": "external",
          "summary": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38",
          "url": "https://github.com/vert-x3/vertx-web/security/advisories/GHSA-53jx-vvf9-4x38"
        }
      ],
      "release_date": "2023-02-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T22:07:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7669"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T22:07:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7669"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-34462",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: SniHandler 16MB allocation leads to OOM",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
        }
      ],
      "release_date": "2023-06-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T22:07:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7669"
        },
        {
          "category": "workaround",
          "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:5138e1feda1fd225914b9705f3cd88525b783ada5f672c20392abf003bd334c7_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:7cbc39b1a3b490b3118980e9fbff1aeba74705e435eaa3d6ba75f39a86a924d4_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:90e788b71753d6a569f5907c8cb1e8f2633a11ed4f9f3df1bcbba6ab9c9110e7_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:ca23f4944519260549274d79c3cfda72bee9dbad380218cacea9fbc055ed3420_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:1b8dfb006d0c449350b5683c9ac3576ab0256a9c7c1a068a8486bfb717d0b7ed_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:7130279b46d9546449494e613dea6c53390c6ee3e2e894d4f89583182e58bc98_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:1c9fe1c25eb9f3e7501c8f065f2248e5e46bba17849b2b760198490dc7f94428_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:3f179ccc29afd98d882dbbb90954cab6b34f23db8110663264d7b3de94b32d36_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:0e11667c5eeac5bed4f636f056f248d101d45b4b840efc55e636410f4865bcd2_arm64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:ab2ecd8c68bfe794bb26efab1fdeadb2015efc4a827d4c45cb1b16133288ce4f_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:492a3d8ed08d3b385665c93071fa6c3a1e5e4389b6d0780ef0014ffebfa61415_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:70ee85830ebc5d89ba87d301d3731cbafa89247a3b2c23667aaa123e710cb90b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: SniHandler 16MB allocation leads to OOM"
    }
  ]
}

RHSA-2023:7678

Vulnerability from csaf_redhat - Published: 2023-12-06 23:30 - Updated: 2026-05-29 17:49

Summary

Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update

Severity

Important

Notes

Topic: Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.6.0 serves as a replacement for Red Hat AMQ Streams 2.5.1, and includes security and bug fixes, and enhancements. Security Fix(es): * JSON-java: parser confusion leads to OOM (CVE-2023-5072) * spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry (CVE-2023-20873) * zookeeper: Authorization Bypass in Apache ZooKeeper (CVE-2023-44981) * apache-ivy: XML External Entity vulnerability (CVE-2022-46751) * guava: insecure temporary directory creation (CVE-2023-2976) * jose4j: Insecure iteration count setting (CVE-2023-31582) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167) * tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080) * gradle: Possible local text file exfiltration by XML External entity injection (CVE-2023-42445) * gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations (CVE-2023-44387) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-46751

Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide".

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-2976

A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-5072

A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-20873

A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are true: * You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**. * The application is deployed to Cloud Foundry. An application is not vulnerable if any of the following is true: * The application is not deployed to Cloud Foundry * You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false. * Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-31582

A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-331 - Insufficient Entropy

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-40167

A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-41080

A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-42445

A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it generated, or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-44387

A flaw was found in Gradle. When copying files or creating archives, Gradle does not preserve symbolic links, instead resolving them to their underlying target file, but permissions of the new file use those of the link instead of those from the target file. This issue can lead to files with broader permissions than intended, as symbolic links are usually world-readable and writeable.

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2023-44981

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-639 - Authorization Bypass Through User-Controlled Key

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat AMQ Streams 2.6.0 Red Hat / Red Hat JBoss AMQ	`cpe:/a:redhat:amq_streams:2`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

73 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7678	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://bugzilla.redhat.com/show_bug.cgi?id=2231491	external
https://bugzilla.redhat.com/show_bug.cgi?id=2233112	external
https://bugzilla.redhat.com/show_bug.cgi?id=2235370	external
https://bugzilla.redhat.com/show_bug.cgi?id=2239634	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242485	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242538	external
https://bugzilla.redhat.com/show_bug.cgi?id=2243436	external
https://bugzilla.redhat.com/show_bug.cgi?id=2246370	external
https://bugzilla.redhat.com/show_bug.cgi?id=2246417	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-46751	self
https://bugzilla.redhat.com/show_bug.cgi?id=2233112	external
https://www.cve.org/CVERecord?id=CVE-2022-46751	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46751	external
https://lists.apache.org/thread/1dj60hg5nr36kjr4p…	external
https://access.redhat.com/security/cve/CVE-2023-2976	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://www.cve.org/CVERecord?id=CVE-2023-2976	external
https://nvd.nist.gov/vuln/detail/CVE-2023-2976	external
https://access.redhat.com/security/cve/CVE-2023-5072	self
https://bugzilla.redhat.com/show_bug.cgi?id=2246417	external
https://www.cve.org/CVERecord?id=CVE-2023-5072	external
https://nvd.nist.gov/vuln/detail/CVE-2023-5072	external
https://github.com/stleary/JSON-java/issues/758	external
https://github.com/stleary/JSON-java/issues/771	external
https://access.redhat.com/security/cve/CVE-2023-20873	self
https://bugzilla.redhat.com/show_bug.cgi?id=2231491	external
https://www.cve.org/CVERecord?id=CVE-2023-20873	external
https://nvd.nist.gov/vuln/detail/CVE-2023-20873	external
https://github.com/advisories/GHSA-g5h3-w546-pj7f	external
https://spring.io/security/cve-2023-20873/	external
https://access.redhat.com/security/cve/CVE-2023-31582	self
https://bugzilla.redhat.com/show_bug.cgi?id=2246370	external
https://www.cve.org/CVERecord?id=CVE-2023-31582	external
https://nvd.nist.gov/vuln/detail/CVE-2023-31582	external
https://bitbucket.org/b_c/jose4j/issues/203/insec…	external
https://github.com/KANIXB/JWTIssues/blob/main/jos…	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external
https://access.redhat.com/security/cve/CVE-2023-40167	self
https://bugzilla.redhat.com/show_bug.cgi?id=2239634	external
https://www.cve.org/CVERecord?id=CVE-2023-40167	external
https://nvd.nist.gov/vuln/detail/CVE-2023-40167	external
https://github.com/eclipse/jetty.project/security…	external
https://www.rfc-editor.org/rfc/rfc9110#section-8.6	external
https://access.redhat.com/security/cve/CVE-2023-41080	self
https://bugzilla.redhat.com/show_bug.cgi?id=2235370	external
https://www.cve.org/CVERecord?id=CVE-2023-41080	external
https://nvd.nist.gov/vuln/detail/CVE-2023-41080	external
https://lists.apache.org/thread/71wvwprtx2j2m54fo…	external
https://access.redhat.com/security/cve/CVE-2023-42445	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242538	external
https://www.cve.org/CVERecord?id=CVE-2023-42445	external
https://nvd.nist.gov/vuln/detail/CVE-2023-42445	external
https://github.com/gradle/gradle/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2023-44387	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242485	external
https://www.cve.org/CVERecord?id=CVE-2023-44387	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44387	external
https://github.com/gradle/gradle/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2023-44981	self
https://bugzilla.redhat.com/show_bug.cgi?id=2243436	external
https://www.cve.org/CVERecord?id=CVE-2023-44981	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44981	external
https://lists.apache.org/thread/wf0yrk84dg1942z1o…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 2.6.0 serves as a replacement for Red Hat AMQ Streams 2.5.1, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* JSON-java: parser confusion leads to OOM (CVE-2023-5072)\n\n* spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry (CVE-2023-20873)\n\n* zookeeper: Authorization Bypass in Apache ZooKeeper (CVE-2023-44981)\n\n* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* jose4j: Insecure iteration count setting (CVE-2023-31582)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)\n\n* tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)\n\n* gradle: Possible local text file exfiltration by XML External entity injection (CVE-2023-42445)\n\n* gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations (CVE-2023-44387)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7678",
        "url": "https://access.redhat.com/errata/RHSA-2023:7678"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.6.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.streams\u0026version=2.6.0"
      },
      {
        "category": "external",
        "summary": "2215229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "2231491",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231491"
      },
      {
        "category": "external",
        "summary": "2233112",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112"
      },
      {
        "category": "external",
        "summary": "2235370",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
      },
      {
        "category": "external",
        "summary": "2239634",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
      },
      {
        "category": "external",
        "summary": "2242485",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242485"
      },
      {
        "category": "external",
        "summary": "2242538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242538"
      },
      {
        "category": "external",
        "summary": "2243436",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
      },
      {
        "category": "external",
        "summary": "2246370",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246370"
      },
      {
        "category": "external",
        "summary": "2246417",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7678.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update",
    "tracking": {
      "current_release_date": "2026-05-29T17:49:39+00:00",
      "generator": {
        "date": "2026-05-29T17:49:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:7678",
      "initial_release_date": "2023-12-06T23:30:39+00:00",
      "revision_history": [
        {
          "date": "2023-12-06T23:30:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-12-06T23:30:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-29T17:49:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AMQ Streams 2.6.0",
                "product": {
                  "name": "Red Hat AMQ Streams 2.6.0",
                  "product_id": "Red Hat AMQ Streams 2.6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:amq_streams:2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss AMQ"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-46751",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2023-08-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2233112"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle\u0027s \"Java API for XML Processing (JAXP) Security Guide\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-ivy: XML External Entity vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46751"
        },
        {
          "category": "external",
          "summary": "RHBZ#2233112",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8",
          "url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8"
        }
      ],
      "release_date": "2023-08-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-ivy: XML External Entity vulnerability"
    },
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "guava: insecure temporary directory creation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        },
        {
          "category": "workaround",
          "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "guava: insecure temporary directory creation"
    },
    {
      "cve": "CVE-2023-5072",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-10-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2246417"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JSON-java: parser confusion leads to OOM",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability may cause denial of service with a small string input, causing the server to be unresponsive easily, hence the Important impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-5072"
        },
        {
          "category": "external",
          "summary": "RHBZ#2246417",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246417"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
        },
        {
          "category": "external",
          "summary": "https://github.com/stleary/JSON-java/issues/758",
          "url": "https://github.com/stleary/JSON-java/issues/758"
        },
        {
          "category": "external",
          "summary": "https://github.com/stleary/JSON-java/issues/771",
          "url": "https://github.com/stleary/JSON-java/issues/771"
        }
      ],
      "release_date": "2023-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available for this flaw.",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "JSON-java: parser confusion leads to OOM"
    },
    {
      "cve": "CVE-2023-20873",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2023-04-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2231491"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Spring Boot. This targets specifically \u0027spring-boot-actuator-autoconfigure\u0027 package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass.\r\n\r\nSpecifically, an application is vulnerable when all of the following are true:\r\n\r\n         * You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**.\r\n         * The application is deployed to Cloud Foundry.\r\n\r\nAn application is not vulnerable if any of the following is true:\r\n\r\n          * The application is not deployed to Cloud Foundry\r\n          * You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false.\r\n          * Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The following Red Hat products do not ship the affected software component and so are not affected:\n\n         * Red Hat Enterprise Linux 8, 9\n         * Enterprise Application Platform 6, 7, 8, XP\n         * Data Grid 7, 8\n         * Migration Toolkit for Runtimes\n         * Red Hat Build of OptaPlanner\n         * Red Hat Integration Camel-K\n         * Red Hat AMQ Broker 7\n         * Red Hat AMQ Clients 2\n         * Red Hat AMQ Streams 2\n         * Red Hat Fuse 6\n         * Red Hat Fuse 7\n         * Red Hat VertX 4\n\nThe following Red Hat products ship the affected software but do not enable or do not ship the vulnerable classes, and so are affected but at Low security impact.\n\n         * Red Hat Decision Manager 7\n         * Red Hat Process Automation Manager 7\n         * Red Hat Single Sign-On 7",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20873"
        },
        {
          "category": "external",
          "summary": "RHBZ#2231491",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231491"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20873"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20873",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20873"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-g5h3-w546-pj7f",
          "url": "https://github.com/advisories/GHSA-g5h3-w546-pj7f"
        },
        {
          "category": "external",
          "summary": "https://spring.io/security/cve-2023-20873/",
          "url": "https://spring.io/security/cve-2023-20873/"
        }
      ],
      "release_date": "2023-05-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        },
        {
          "category": "workaround",
          "details": "Disable Cloud Foundry actuator endpoints by setting \u0027management.cloudfoundry.enabled\u0027 to false.",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry"
    },
    {
      "cve": "CVE-2023-31582",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "discovery_date": "2023-10-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2246370"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the Json Web Token. This could apply to lack of entropy and leave the system less secure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jose4j: Insecure iteration count setting",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw would require manually setting of the number of iterations under 1000 for Json Web Encryption, therefore, a malicious user would need previous access to modify it. Also, a user would still be able to set the variable incorrectly and make the environment less secure for JWE. This is currently rated as a moderate impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-31582"
        },
        {
          "category": "external",
          "summary": "RHBZ#2246370",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246370"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-31582",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-31582"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-31582",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31582"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then",
          "url": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then"
        },
        {
          "category": "external",
          "summary": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md",
          "url": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md"
        }
      ],
      "release_date": "2023-10-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available for this flaw.",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jose4j: Insecure iteration count setting"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    },
    {
      "cve": "CVE-2023-40167",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "discovery_date": "2023-09-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2239634"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Improper validation of HTTP/1 content-length",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-40167"
        },
        {
          "category": "external",
          "summary": "RHBZ#2239634",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
        },
        {
          "category": "external",
          "summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
          "url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
        }
      ],
      "release_date": "2023-09-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: Improper validation of HTTP/1 content-length"
    },
    {
      "cve": "CVE-2023-41080",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2023-08-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2235370"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Open Redirect vulnerability in FORM authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-41080"
        },
        {
          "category": "external",
          "summary": "RHBZ#2235370",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
          "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
        }
      ],
      "release_date": "2023-08-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat: Open Redirect vulnerability in FORM authentication"
    },
    {
      "cve": "CVE-2023-42445",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2023-10-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242538"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Gradle. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), parsing XML can lead to the exfiltration of local text files to a remote server. In most cases, Gradle parses XML files it generated, or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gradle: Possible local text file exfiltration by XML External entity injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-42445"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242538",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242538"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42445",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-42445"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42445",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42445"
        },
        {
          "category": "external",
          "summary": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8",
          "url": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8"
        }
      ],
      "release_date": "2023-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "gradle: Possible local text file exfiltration by XML External entity injection"
    },
    {
      "cve": "CVE-2023-44387",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "discovery_date": "2023-10-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242485"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Gradle. When copying files or creating archives, Gradle does not preserve symbolic links, instead resolving them to their underlying target file, but permissions of the new file use those of the link instead of those from the target file. This issue can lead to files with broader permissions than intended, as symbolic links are usually world-readable and writeable.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44387"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242485",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242485"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44387",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44387"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44387",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44387"
        },
        {
          "category": "external",
          "summary": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9",
          "url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9"
        }
      ],
      "release_date": "2023-10-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        },
        {
          "category": "workaround",
          "details": "User should follow the documentation to explicitly set permissions when copying or create archives: https://docs.gradle.org/current/userguide/working_with_files.html#sec:setting_file_permissions",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations"
    },
    {
      "cve": "CVE-2023-44981",
      "cwe": {
        "id": "CWE-639",
        "name": "Authorization Bypass Through User-Controlled Key"
      },
      "discovery_date": "2023-10-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2243436"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "zookeeper: Authorization Bypass in Apache ZooKeeper",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat AMQ 7 Broker and Red Hat AMQ Streams 2 use Zookeeper but do not use or enable the vulnerable functionality, Peer Authentication. They are affected at Moderate Impact by this flaw.\n\nRed Hat Fuse 7 uses Zookeeper but does not use any of its server capabilities and as such is not vulnerable, and so is affected at Low Impact by this flaw.\n\nRed Hat Process Automation Manager 7 and Red Hat Decision Manager 7 do not ship zookeeper, and so are not affected by this flaw.\n\nRed Hat Fuse 6 and AMQ 6 use Zookeeper but are not vulnerable to this flaw, and have been assessed as Important Impact and are as such out of security support scope for this flaw.\n\nRed Hat Business Process Manager Suite 6, Red Hat Business Rules Management Suite 6, Red Hat JBoss Data Virtualization 6, Red Hat OpenShift Application Runtime Vert-x, and Red Hat Fuse Service Works 6 are out of security support scope for this flaw.\n\nAs no Red Hat products are affected at Critical Impact by this flaw, its overall impact has been reduced to Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 2.6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "RHBZ#2243436",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243436"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b",
          "url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b"
        }
      ],
      "release_date": "2023-10-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-06T23:30:39+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7678"
        },
        {
          "category": "workaround",
          "details": "According to Apache\u0027s document: Ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.",
          "product_ids": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 2.6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "zookeeper: Authorization Bypass in Apache ZooKeeper"
    }
  ]
}

RHSA-2023_3954

Vulnerability from csaf_redhat - Published: 2023-06-29 20:07 - Updated: 2024-12-17 22:56

Summary

Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

Severity

Critical

Notes

Topic: A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Security Fix(es): * hazelcast: Hazelcast connection caching (CVE-2022-36437) * spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692) * xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966) * Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920) * Apache CXF: SSRF Vulnerability (CVE-2022-46364) * Undertow: Infinite loop in SslConduit during close (CVE-2023-1108) * json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370) * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860) * spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883) * jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783) * apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * batik: Server-Side Request Forgery (CVE-2022-38398) * batik: Server-Side Request Forgery (CVE-2022-38648) * batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146) * batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704) * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854) * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881) * engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940) * postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946) * batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890) * Apache CXF: directory listing / code exfiltration (CVE-2022-46363) * springframework: Spring Expression DoS Vulnerability (CVE-2023-20861) * shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * tomcat: JsonErrorReportValve injection (CVE-2022-45143) For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2012-5783

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

3.7 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4492

A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-550 - Server-generated Error Message Containing Sensitive Information

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-24785

A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2022-31692

A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-863 - Incorrect Authorization

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-36437

A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-384 - Session Fixation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Critical

CVE-2022-38398

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38648

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-40146

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-41704

A flaw was found in Batik. This issue may allow a malicious user to run untrusted Java code from an SVG.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-41854

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-41881

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-41940

A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-248 - Uncaught Exception

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-41946

A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-377 - Insecure Temporary File

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-41966

A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-42890

A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-42920

An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-45143

A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-46363

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-46364

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-1370

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-20860

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-155 - Improper Neutralization of Wildcards or Matching Symbols

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-20861

A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-20883

A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-22602

A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-436 - Interpretation Conflict

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Fuse 7.12 Red Hat / Red Hat JBoss Fuse	`cpe:/a:redhat:jboss_fuse:7`	—	Vendor Fix fix

Threats

Impact Moderate

References

167 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:3954	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=873317	external
https://bugzilla.redhat.com/show_bug.cgi?id=1886587	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142707	external
https://bugzilla.redhat.com/show_bug.cgi?id=2144970	external
https://bugzilla.redhat.com/show_bug.cgi?id=2151988	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153260	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153379	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153399	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155291	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155292	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155295	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155682	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158695	external
https://bugzilla.redhat.com/show_bug.cgi?id=2162053	external
https://bugzilla.redhat.com/show_bug.cgi?id=2162206	external
https://bugzilla.redhat.com/show_bug.cgi?id=2170431	external
https://bugzilla.redhat.com/show_bug.cgi?id=2174246	external
https://bugzilla.redhat.com/show_bug.cgi?id=2180528	external
https://bugzilla.redhat.com/show_bug.cgi?id=2180530	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182182	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182183	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182198	external
https://bugzilla.redhat.com/show_bug.cgi?id=2188542	external
https://bugzilla.redhat.com/show_bug.cgi?id=2209342	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://issues.redhat.com/browse/ENTESB-20598	external
https://issues.redhat.com/browse/ENTESB-21418	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2012-5783	self
https://bugzilla.redhat.com/show_bug.cgi?id=873317	external
https://www.cve.org/CVERecord?id=CVE-2012-5783	external
https://nvd.nist.gov/vuln/detail/CVE-2012-5783	external
https://access.redhat.com/security/cve/CVE-2020-13956	self
https://bugzilla.redhat.com/show_bug.cgi?id=1886587	external
https://www.cve.org/CVERecord?id=CVE-2020-13956	external
https://nvd.nist.gov/vuln/detail/CVE-2020-13956	external
https://www.openwall.com/lists/oss-security/2020/…	external
https://access.redhat.com/security/cve/CVE-2022-4492	self
https://bugzilla.redhat.com/show_bug.cgi?id=2153260	external
https://www.cve.org/CVERecord?id=CVE-2022-4492	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4492	external
https://access.redhat.com/security/cve/CVE-2022-24785	self
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://www.cve.org/CVERecord?id=CVE-2022-24785	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24785	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-31692	self
https://bugzilla.redhat.com/show_bug.cgi?id=2162206	external
https://www.cve.org/CVERecord?id=CVE-2022-31692	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31692	external
https://spring.io/security/cve-2022-31692	external
https://access.redhat.com/security/cve/CVE-2022-36437	self
https://bugzilla.redhat.com/show_bug.cgi?id=2162053	external
https://www.cve.org/CVERecord?id=CVE-2022-36437	external
https://nvd.nist.gov/vuln/detail/CVE-2022-36437	external
https://github.com/hazelcast/hazelcast/security/a…	external
https://access.redhat.com/security/cve/CVE-2022-38398	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155292	external
https://www.cve.org/CVERecord?id=CVE-2022-38398	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38398	external
http://svn.apache.org/viewvc?view=revision&revisi…	external
https://issues.apache.org/jira/browse/BATIK-1331	external
https://lists.apache.org/thread/712c9xwtmyghyokzr…	external
https://access.redhat.com/security/cve/CVE-2022-38648	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155295	external
https://www.cve.org/CVERecord?id=CVE-2022-38648	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38648	external
http://svn.apache.org/viewvc?view=revision&revisi…	external
https://issues.apache.org/jira/browse/BATIK-1333	external
https://lists.apache.org/thread/gfsktxvj7jtwyovmh…	external
https://access.redhat.com/security/cve/CVE-2022-40146	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155291	external
https://www.cve.org/CVERecord?id=CVE-2022-40146	external
https://nvd.nist.gov/vuln/detail/CVE-2022-40146	external
http://svn.apache.org/viewvc?view=revision&revisi…	external
https://issues.apache.org/jira/browse/BATIK-1335	external
https://lists.apache.org/thread/hxtddqjty2sbs12y9…	external
https://access.redhat.com/security/cve/CVE-2022-41704	self
https://bugzilla.redhat.com/show_bug.cgi?id=2182182	external
https://www.cve.org/CVERecord?id=CVE-2022-41704	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41704	external
https://access.redhat.com/security/cve/CVE-2022-41854	self
https://bugzilla.redhat.com/show_bug.cgi?id=2151988	external
https://www.cve.org/CVERecord?id=CVE-2022-41854	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41854	external
https://bitbucket.org/snakeyaml/snakeyaml/issues/…	external
https://bugs.chromium.org/p/oss-fuzz/issues/detai…	external
https://access.redhat.com/security/cve/CVE-2022-41881	self
https://bugzilla.redhat.com/show_bug.cgi?id=2153379	external
https://www.cve.org/CVERecord?id=CVE-2022-41881	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41881	external
https://access.redhat.com/security/cve/CVE-2022-41940	self
https://bugzilla.redhat.com/show_bug.cgi?id=2144970	external
https://www.cve.org/CVERecord?id=CVE-2022-41940	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41940	external
https://access.redhat.com/security/cve/CVE-2022-41946	self
https://bugzilla.redhat.com/show_bug.cgi?id=2153399	external
https://www.cve.org/CVERecord?id=CVE-2022-41946	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41946	external
https://access.redhat.com/security/cve/CVE-2022-41966	self
https://bugzilla.redhat.com/show_bug.cgi?id=2170431	external
https://www.cve.org/CVERecord?id=CVE-2022-41966	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41966	external
https://github.com/x-stream/xstream/security/advi…	external
https://access.redhat.com/security/cve/CVE-2022-42890	self
https://bugzilla.redhat.com/show_bug.cgi?id=2182183	external
https://www.cve.org/CVERecord?id=CVE-2022-42890	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42890	external
https://access.redhat.com/security/cve/CVE-2022-42920	self
https://bugzilla.redhat.com/show_bug.cgi?id=2142707	external
https://www.cve.org/CVERecord?id=CVE-2022-42920	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42920	external
https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm…	external
https://access.redhat.com/security/cve/CVE-2022-45143	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158695	external
https://www.cve.org/CVERecord?id=CVE-2022-45143	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45143	external
https://lists.apache.org/thread/yqkd183xrw3wqvnpc…	external
https://access.redhat.com/security/cve/CVE-2022-46363	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
https://www.cve.org/CVERecord?id=CVE-2022-46363	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46363	external
https://lists.apache.org/thread/pdzo1qgyplf4y523t…	external
https://access.redhat.com/security/cve/CVE-2022-46364	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155682	external
https://www.cve.org/CVERecord?id=CVE-2022-46364	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46364	external
https://cxf.apache.org/security-advisories.data/C…	external
https://access.redhat.com/security/cve/CVE-2023-1108	self
https://bugzilla.redhat.com/show_bug.cgi?id=2174246	external
https://www.cve.org/CVERecord?id=CVE-2023-1108	external
https://nvd.nist.gov/vuln/detail/CVE-2023-1108	external
https://github.com/advisories/GHSA-m4mm-pg93-fv78	external
https://access.redhat.com/security/cve/CVE-2023-1370	self
https://bugzilla.redhat.com/show_bug.cgi?id=2188542	external
https://www.cve.org/CVERecord?id=CVE-2023-1370	external
https://nvd.nist.gov/vuln/detail/CVE-2023-1370	external
https://github.com/advisories/GHSA-493p-pfq6-5258	external
https://research.jfrog.com/vulnerabilities/stack-…	external
https://access.redhat.com/security/cve/CVE-2023-20860	self
https://bugzilla.redhat.com/show_bug.cgi?id=2180528	external
https://www.cve.org/CVERecord?id=CVE-2023-20860	external
https://nvd.nist.gov/vuln/detail/CVE-2023-20860	external
https://spring.io/blog/2023/03/20/spring-framewor…	external
https://access.redhat.com/security/cve/CVE-2023-20861	self
https://bugzilla.redhat.com/show_bug.cgi?id=2180530	external
https://www.cve.org/CVERecord?id=CVE-2023-20861	external
https://nvd.nist.gov/vuln/detail/CVE-2023-20861	external
https://access.redhat.com/security/cve/CVE-2023-20883	self
https://bugzilla.redhat.com/show_bug.cgi?id=2209342	external
https://www.cve.org/CVERecord?id=CVE-2023-20883	external
https://nvd.nist.gov/vuln/detail/CVE-2023-20883	external
https://access.redhat.com/security/cve/CVE-2023-22602	self
https://bugzilla.redhat.com/show_bug.cgi?id=2182198	external
https://www.cve.org/CVERecord?id=CVE-2023-22602	external
https://nvd.nist.gov/vuln/detail/CVE-2023-22602	external
https://access.redhat.com/security/cve/CVE-2023-33201	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215465	external
https://www.cve.org/CVERecord?id=CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://github.com/bcgit/bc-java/wiki/CVE-2023-33201	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hazelcast: Hazelcast connection caching (CVE-2022-36437)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)\n\n* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* bouncycastle: potential  blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* tomcat: JsonErrorReportValve injection (CVE-2022-45143)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:3954",
        "url": "https://access.redhat.com/errata/RHSA-2023:3954"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.12.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.12.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/"
      },
      {
        "category": "external",
        "summary": "873317",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873317"
      },
      {
        "category": "external",
        "summary": "1886587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
      },
      {
        "category": "external",
        "summary": "2072009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
      },
      {
        "category": "external",
        "summary": "2142707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
      },
      {
        "category": "external",
        "summary": "2144970",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144970"
      },
      {
        "category": "external",
        "summary": "2151988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
      },
      {
        "category": "external",
        "summary": "2153260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
      },
      {
        "category": "external",
        "summary": "2153379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
      },
      {
        "category": "external",
        "summary": "2153399",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153399"
      },
      {
        "category": "external",
        "summary": "2155291",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
      },
      {
        "category": "external",
        "summary": "2155292",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
      },
      {
        "category": "external",
        "summary": "2155295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
      },
      {
        "category": "external",
        "summary": "2155681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
      },
      {
        "category": "external",
        "summary": "2155682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
      },
      {
        "category": "external",
        "summary": "2158695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158695"
      },
      {
        "category": "external",
        "summary": "2162053",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162053"
      },
      {
        "category": "external",
        "summary": "2162206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162206"
      },
      {
        "category": "external",
        "summary": "2170431",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
      },
      {
        "category": "external",
        "summary": "2174246",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
      },
      {
        "category": "external",
        "summary": "2180528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
      },
      {
        "category": "external",
        "summary": "2180530",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
      },
      {
        "category": "external",
        "summary": "2182182",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
      },
      {
        "category": "external",
        "summary": "2182183",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
      },
      {
        "category": "external",
        "summary": "2182198",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
      },
      {
        "category": "external",
        "summary": "2188542",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
      },
      {
        "category": "external",
        "summary": "2209342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
      },
      {
        "category": "external",
        "summary": "2215465",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
      },
      {
        "category": "external",
        "summary": "ENTESB-20598",
        "url": "https://issues.redhat.com/browse/ENTESB-20598"
      },
      {
        "category": "external",
        "summary": "ENTESB-21418",
        "url": "https://issues.redhat.com/browse/ENTESB-21418"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3954.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update",
    "tracking": {
      "current_release_date": "2024-12-17T22:56:32+00:00",
      "generator": {
        "date": "2024-12-17T22:56:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2023:3954",
      "initial_release_date": "2023-06-29T20:07:23+00:00",
      "revision_history": [
        {
          "date": "2023-06-29T20:07:23+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-06-29T20:07:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:56:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Fuse 7.12",
                "product": {
                  "name": "Red Hat Fuse 7.12",
                  "product_id": "Red Hat Fuse 7.12",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_fuse:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Fuse"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-5783",
      "discovery_date": "2012-11-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "873317"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-5783"
        },
        {
          "category": "external",
          "summary": "RHBZ#873317",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873317"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-5783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5783"
        }
      ],
      "release_date": "2012-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name"
    },
    {
      "cve": "CVE-2020-13956",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-10-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1886587"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-httpclient: incorrect handling of malformed authority component in request URIs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "RHBZ#1886587",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886587"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2020/10/08/4",
          "url": "https://www.openwall.com/lists/oss-security/2020/10/08/4"
        }
      ],
      "release_date": "2020-10-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-httpclient: incorrect handling of malformed authority component in request URIs"
    },
    {
      "cve": "CVE-2022-4492",
      "cwe": {
        "id": "CWE-550",
        "name": "Server-generated Error Message Containing Sensitive Information"
      },
      "discovery_date": "2022-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2153260"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: Server identity in https connection is not checked by the undertow client",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4492"
        },
        {
          "category": "external",
          "summary": "RHBZ#2153260",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
        }
      ],
      "release_date": "2022-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: Server identity in https connection is not checked by the undertow client"
    },
    {
      "cve": "CVE-2022-24785",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-04-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2072009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Moment.js: Path traversal  in moment.locale",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "RHBZ#2072009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        }
      ],
      "release_date": "2022-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        },
        {
          "category": "workaround",
          "details": "Sanitize the user-provided locale name before passing it to Moment.js.",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Moment.js: Path traversal  in moment.locale"
    },
    {
      "cve": "CVE-2022-31692",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2023-01-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2162206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31692"
        },
        {
          "category": "external",
          "summary": "RHBZ#2162206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31692",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31692",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31692"
        },
        {
          "category": "external",
          "summary": "https://spring.io/security/cve-2022-31692",
          "url": "https://spring.io/security/cve-2022-31692"
        }
      ],
      "release_date": "2022-10-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security"
    },
    {
      "cve": "CVE-2022-36437",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2023-01-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2162053"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hazelcast and Hazelcast Jet. This flaw may allow an attacker unauthenticated access to manipulate data in the cluster.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hazelcast: Hazelcast connection caching",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Integration - Camel Quarkus Extensions: Hazelcast is contained in camel-quarkus-hazelcast but it does not affect any supported component. This package is community support only. Hence the low impact for Camel Quarkus Extension.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-36437"
        },
        {
          "category": "external",
          "summary": "RHBZ#2162053",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162053"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-36437",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36437"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-36437",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36437"
        },
        {
          "category": "external",
          "summary": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp",
          "url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp"
        }
      ],
      "release_date": "2022-12-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "hazelcast: Hazelcast connection caching"
    },
    {
      "cve": "CVE-2022-38398",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155292"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "batik: Server-Side Request Forgery",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38398"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155292",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155292"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38398"
        },
        {
          "category": "external",
          "summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462",
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903462"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/BATIK-1331",
          "url": "https://issues.apache.org/jira/browse/BATIK-1331"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx",
          "url": "https://lists.apache.org/thread/712c9xwtmyghyokzrm2ml6sps4xlmbsx"
        }
      ],
      "release_date": "2022-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "batik: Server-Side Request Forgery"
    },
    {
      "cve": "CVE-2022-38648",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155295"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "batik: Server-Side Request Forgery",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38648"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155295",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155295"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38648",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38648"
        },
        {
          "category": "external",
          "summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625",
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903625"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/BATIK-1333",
          "url": "https://issues.apache.org/jira/browse/BATIK-1333"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b",
          "url": "https://lists.apache.org/thread/gfsktxvj7jtwyovmhhbrw0bs13wfjd7b"
        }
      ],
      "release_date": "2022-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "batik: Server-Side Request Forgery"
    },
    {
      "cve": "CVE-2022-40146",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155291"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "batik: Server-Side Request Forgery (SSRF) vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-40146"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155291",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155291"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40146",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40146"
        },
        {
          "category": "external",
          "summary": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910",
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1903910"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/BATIK-1335",
          "url": "https://issues.apache.org/jira/browse/BATIK-1335"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx",
          "url": "https://lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx"
        }
      ],
      "release_date": "2022-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "batik: Server-Side Request Forgery (SSRF) vulnerability"
    },
    {
      "cve": "CVE-2022-41704",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2023-03-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2182182"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Batik.\u00a0This issue may allow a malicious user to run untrusted Java code from an SVG.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41704"
        },
        {
          "category": "external",
          "summary": "RHBZ#2182182",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182182"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41704",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41704"
        }
      ],
      "release_date": "2022-10-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "batik: Apache XML Graphics Batik vulnerable to code execution via SVG"
    },
    {
      "cve": "CVE-2022-41854",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-12-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2151988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dev-java/snakeyaml: DoS via stack overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "RHBZ#2151988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
        },
        {
          "category": "external",
          "summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
        }
      ],
      "release_date": "2022-11-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dev-java/snakeyaml: DoS via stack overflow"
    },
    {
      "cve": "CVE-2022-41881",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2022-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2153379"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2153379",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
        }
      ],
      "release_date": "2022-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
    },
    {
      "cve": "CVE-2022-41940",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "discovery_date": "2022-11-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2144970"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "engine.io: Specially crafted HTTP request can trigger an uncaught exception",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41940"
        },
        {
          "category": "external",
          "summary": "RHBZ#2144970",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144970"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41940"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41940",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41940"
        }
      ],
      "release_date": "2022-11-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "engine.io: Specially crafted HTTP request can trigger an uncaught exception"
    },
    {
      "cve": "CVE-2022-41946",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2022-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2153399"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite ships a PostgreSQL JDBC Driver for Hibernate ORM framework, which is embeds into Candlepin. Although Candlepin itself doesn\u0027t make direct use of the PreparedStatement methods from the PostgreSQL JDBC Driver, Hibernate ORM does utilize these methods, potentially making framework affected. Satellite server operating in an environment with untrusted users while the driver is running are vulnerable to the flaw, however, deployments without untrusted users are considered safe. A future Satellite update should address this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41946"
        },
        {
          "category": "external",
          "summary": "RHBZ#2153399",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153399"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41946"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41946",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41946"
        }
      ],
      "release_date": "2022-11-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions"
    },
    {
      "cve": "CVE-2022-41966",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2023-02-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2170431"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41966"
        },
        {
          "category": "external",
          "summary": "RHBZ#2170431",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
        },
        {
          "category": "external",
          "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
        }
      ],
      "release_date": "2022-12-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
    },
    {
      "cve": "CVE-2022-42890",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2023-03-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2182183"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Batik of Apache XML Graphics. This issue may allow a malicious user to run Java code from untrusted SVG via JavaScript.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "batik: Untrusted code execution in Apache XML Graphics Batik",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42890"
        },
        {
          "category": "external",
          "summary": "RHBZ#2182183",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182183"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
        }
      ],
      "release_date": "2022-10-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "batik: Untrusted code execution in Apache XML Graphics Batik"
    },
    {
      "cve": "CVE-2022-42920",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2142707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "RHBZ#2142707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
          "url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
        }
      ],
      "release_date": "2022-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
    },
    {
      "cve": "CVE-2022-45143",
      "cwe": {
        "id": "CWE-74",
        "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
      },
      "discovery_date": "2023-01-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: JsonErrorReportValve injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Although it may be rated as CVSS 7.5, it\u0027s still considered a low impact flaw as according to the advisory report from Apache, user controlled data may occur in specific cases only and may alter some specific fields only.\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45143"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45143",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45143"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj",
          "url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj"
        }
      ],
      "release_date": "2023-01-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: JsonErrorReportValve injection"
    },
    {
      "cve": "CVE-2022-46363",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: directory listing / code exfiltration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
          "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CXF: directory listing / code exfiltration"
    },
    {
      "cve": "CVE-2022-46364",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155682"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: SSRF Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155682",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
          "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "CXF: SSRF Vulnerability"
    },
    {
      "cve": "CVE-2023-1108",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2023-02-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2174246"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Undertow: Infinite loop in SslConduit during close",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-1108"
        },
        {
          "category": "external",
          "summary": "RHBZ#2174246",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
          "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
        }
      ],
      "release_date": "2023-03-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Undertow: Infinite loop in SslConduit during close"
    },
    {
      "cve": "CVE-2023-1370",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2023-04-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2188542"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-1370"
        },
        {
          "category": "external",
          "summary": "RHBZ#2188542",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
          "url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
        },
        {
          "category": "external",
          "summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
          "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
        }
      ],
      "release_date": "2023-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
    },
    {
      "cve": "CVE-2023-20860",
      "cwe": {
        "id": "CWE-155",
        "name": "Improper Neutralization of Wildcards or Matching Symbols"
      },
      "discovery_date": "2023-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2180528"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20860"
        },
        {
          "category": "external",
          "summary": "RHBZ#2180528",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
        },
        {
          "category": "external",
          "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
          "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
        }
      ],
      "release_date": "2023-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
    },
    {
      "cve": "CVE-2023-20861",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-03-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2180530"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "springframework: Spring Expression DoS Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20861"
        },
        {
          "category": "external",
          "summary": "RHBZ#2180530",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
        },
        {
          "category": "external",
          "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
          "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
        }
      ],
      "release_date": "2023-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "springframework: Spring Expression DoS Vulnerability"
    },
    {
      "cve": "CVE-2023-20883",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-05-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2209342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20883"
        },
        {
          "category": "external",
          "summary": "RHBZ#2209342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883"
        }
      ],
      "release_date": "2023-05-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability"
    },
    {
      "cve": "CVE-2023-22602",
      "cwe": {
        "id": "CWE-436",
        "name": "Interpretation Conflict"
      },
      "discovery_date": "2023-03-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2182198"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shiro: Authentication bypass through a specially crafted HTTP request",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-22602"
        },
        {
          "category": "external",
          "summary": "RHBZ#2182198",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182198"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-22602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22602"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22602"
        }
      ],
      "release_date": "2023-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "shiro: Authentication bypass through a specially crafted HTTP request"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-06-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Fuse 7.12"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215465"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"
        }
      ],
      "release_date": "2023-06-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T20:07:23+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Fuse 7.12"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3954"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Fuse 7.12"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bouncycastle: potential  blind LDAP injection attack using a self-signed certificate"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-33201 (GCVE-0-2023-33201)

Tags

Sightings

Nomenclature